Compare commits
No commits in common. "c8" and "a9-beta-deprecated" have entirely different histories.
c8
...
a9-beta-de
@ -1 +1 @@
|
||||
3511edebc20381fc108c92e41218cbfc4ed78fa8 SOURCES/v2.13.1.1.tar.gz
|
||||
9d9b8fcd872d8782b96d312fb13f47a41658dd04 SOURCES/v2.7.0.6.tar.gz
|
||||
|
||||
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/v2.13.1.1.tar.gz
|
||||
SOURCES/v2.7.0.6.tar.gz
|
||||
|
||||
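--- a/SOURCES/0001-Initial-redhat-build-configuation.patch
+++ b/SOURCES/0001-Initial-redhat-build-configuation.patch
@@ -0,0 +1,75 @@
+From 9d071a9b4b40f0f86bb0b739b72c0b9b4870f060 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Fri, 14 May 2021 09:42:08 +0200
+Subject: Initial redhat build configuation.
+
+Using .distro repository to hold redhat tools and configuration.
+
+Package can be built on brew using rh-rhel-koji command.
+
+Note: Old rh-brew target is supported.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+Merged patches (2.7.0.6):
+- 896c5c83 Require iptables package
+- a702a0d1 (origin/rhel-9.0.0-beta) source-git: Use dynamic SRPM_NAME
+---
+.distro/Makefile | 73 ++++++
+.distro/Makefile.common | 18 ++
+.distro/WALinuxAgent.spec.template | 254 +++++++++++++++++++++
+.distro/module-setup.sh | 16 ++
+.distro/rpmbuild/BUILD/.gitignore | 2 +
+.distro/rpmbuild/RPMS/.gitignore | 2 +
+.distro/rpmbuild/SOURCES/.gitignore | 2 +
+.distro/rpmbuild/SPECS/.gitignore | 2 +
+.distro/rpmbuild/SRPMS/.gitignore | 2 +
+.distro/scripts/extract_build_cmd.py | 83 +++++++
+.distro/scripts/frh.py | 24 ++
+.distro/scripts/git-backport-diff | 327 +++++++++++++++++++++++++++
+.distro/scripts/git-compile-check | 215 ++++++++++++++++++
+.distro/scripts/process-patches.sh | 92 ++++++++
+.distro/scripts/tarball_checksum.sh | 3 +
+setup.py | 4 +-
+16 files changed, 1117 insertions(+), 2 deletions(-)
+create mode 100644 .distro/Makefile
+create mode 100644 .distro/Makefile.common
+create mode 100644 .distro/WALinuxAgent.spec.template
+create mode 100644 .distro/module-setup.sh
+create mode 100644 .distro/rpmbuild/BUILD/.gitignore
+create mode 100644 .distro/rpmbuild/RPMS/.gitignore
+create mode 100644 .distro/rpmbuild/SOURCES/.gitignore
+create mode 100644 .distro/rpmbuild/SPECS/.gitignore
+create mode 100644 .distro/rpmbuild/SRPMS/.gitignore
+create mode 100755 .distro/scripts/extract_build_cmd.py
+create mode 100755 .distro/scripts/frh.py
+create mode 100755 .distro/scripts/git-backport-diff
+create mode 100755 .distro/scripts/git-compile-check
+create mode 100755 .distro/scripts/process-patches.sh
+create mode 100755 .distro/scripts/tarball_checksum.sh
+
+diff --git a/setup.py b/setup.py
+index 12c9e1d6..e4d7cf7e 100755
+--- a/setup.py
++++ b/setup.py
+@@ -97,7 +97,7 @@ def get_data_files(name, version, fullname): # pylint: disable=R0912
+agent_bin_path = osutil.get_agent_bin_path()
+
+if name in ('redhat', 'centos', 'almalinux', 'cloudlinux'): # pylint: disable=R1714
+- if version.startswith("8.2"):
++ if version.startswith("9"):
+# redhat8+ default to py3
+set_bin_files(data_files, dest=agent_bin_path,
+src=["bin/py3/waagent", "bin/waagent2.0"])
+@@ -106,7 +106,7 @@ def get_data_files(name, version, fullname): # pylint: disable=R0912
+set_conf_files(data_files)
+set_logrotate_files(data_files)
+set_udev_files(data_files)
+- if version.startswith("8.2"):
++ if version.startswith("9"):
+# redhat 8+ uses systemd and python3
+set_systemd_files(data_files, dest=systemd_dir_path,
+src=["init/redhat/waagent.service",
+--
+2.31.1
+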
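Review bot: The context comments `# redhat8+ default to py3` and `# redhat 8+ uses systemd and python3` in the setup.py hunks no longer describe the condition, which this patch changes to `version.startswith("9")` in both places. A prefix test on the version string matches only strings that begin with 9, so 8.x no longer takes this branch and a two-digit major such as 10 would not either. If only major version 9 is intended, update both comments, e.g. `# RHEL 9 defaults to py3`; if 9 and later is intended, compare the parsed major version instead of a string prefix. get_data_files starts and ends outside both hunks, so the fallback branch is not visible here.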
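--- a/SOURCES/0002-Implement-restart_if-for-RedHat-OS.patch
+++ b/SOURCES/0002-Implement-restart_if-for-RedHat-OS.patch
@@ -0,0 +1,40 @@
+From 8538516744130409f96b3ec956ff5ec1b1c1be11 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Tue, 24 May 2022 04:10:46 -0400
+Subject: Implement restart_if for RedHat OS
+
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+azurelinuxagent/common/osutil/redhat.py | 18 ++++++++++++++++++
+1 file changed, 18 insertions(+)
+
+diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py
+index 9759d113..a02647cd 100644
+--- a/azurelinuxagent/common/osutil/redhat.py
++++ b/azurelinuxagent/common/osutil/redhat.py
+@@ -142,3 +142,21 @@ class RedhatOSUtil(Redhat6xOSUtil):
+endpoint = self.get_endpoint_from_leases_path('/var/lib/NetworkManager/dhclient-*.lease')
+
+return endpoint
++
++ def restart_if(self, ifname, retries=3, wait=5):
++ """
++ Restart an interface by bouncing the link.
++ """
++ retry_limit=retries+1
++ for attempt in range(1, retry_limit):
++ try:
++ shellutil.run_command(["ip", "link", "set", ifname, "down"])
++ shellutil.run_command(["ip", "link", "set", ifname, "up"])
++
++ except shellutil.CommandError as cmd_err:
++ logger.warn("failed to restart {0}: return code {1}".format(ifname, cmd_err.returncode))
++ if attempt < retry_limit:
++ logger.info("retrying in {0} seconds".format(wait))
++ time.sleep(wait)
++ else:
++ logger.warn("exceeded restart retries")
+--
+2.31.1
+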
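Review bot: restart_if never leaves the retry loop after a successful bounce, because the `try` body has no `return`; when both `ip link set` calls succeed, the interface is taken down and brought up again on every remaining attempt (three times with the default `retries=3`). Adding `return` after the `up` call fixes that. The retry test is also always true, since `attempt` ranges over 1..retries while `retry_limit` is `retries+1`, so the `else` branch logging "exceeded restart retries" is unreachable and the method sleeps once more after the final failure; `if attempt < retries:` looks like what was meant. Indentation is lost on this page, so this reading assumes the `if`/`else` sits inside the `except` block. The hunk does not show whether `time` and `logger` are imported in redhat.py, and the class continues outside it.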
@ -1,31 +0,0 @@
|
||||
From 246586f31209b70667b494db30c847c5b87fe7a3 Mon Sep 17 00:00:00 2001
|
||||
From: Darren Archibald <darren.archibald@oracle.com>
|
||||
Date: Wed, 21 Sep 2022 05:40:34 -0700
|
||||
Subject: [PATCH] Add Oracle support
|
||||
|
||||
Add oracle support to fix waagent.service build issue
|
||||
|
||||
Signed-off-by: Darren Archibald <darren.archibald@oracle.com>
|
||||
|
||||
Updated for OL9.7
|
||||
Signed-off-by: Mark Will <mark.will@oracle.com>
|
||||
---
|
||||
setup.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/setup.py b/setup.py
|
||||
index cf6e90b..f2a49f1 100755
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -97,7 +97,7 @@ def get_data_files(name, version, fullname): # pylint: disable=R0912
|
||||
systemd_dir_path = osutil.get_systemd_unit_file_install_path()
|
||||
agent_bin_path = osutil.get_agent_bin_path()
|
||||
|
||||
- if name in ('redhat', 'rhel', 'centos', 'almalinux', 'cloudlinux', 'rocky'):
|
||||
+ if name in ('redhat', 'rhel', 'centos', 'almalinux', 'cloudlinux', 'rocky', 'oracle'):
|
||||
if version.startswith("8") or version.startswith("9"):
|
||||
# redhat8+ default to py3
|
||||
set_bin_files(data_files, dest=agent_bin_path,
|
||||
--
|
||||
2.27.0
|
||||
|
||||
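--- a/SOURCES/WALinuxAgent-2.3-almalinux_support.patch
+++ b/SOURCES/WALinuxAgent-2.3-almalinux_support.patch
@@ -0,0 +1,101 @@
+From 958d73ebc8c196dd30e9768d3e9cf1bdb6d32e25 Mon Sep 17 00:00:00 2001
+From: Aleksandr Kravchenko <akravchenko@cloudlinux.com>
+Date: Thu, 1 Apr 2021 17:19:08 +0300
+Subject: [PATCH 1/3] added AlmaLinux
+
+---
+azurelinuxagent/common/osutil/factory.py | 2 +-
+azurelinuxagent/pa/rdma/factory.py | 2 +-
+setup.py | 2 +-
+3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/azurelinuxagent/common/osutil/factory.py b/azurelinuxagent/common/osutil/factory.py
+index b212c38253..4a09544c4d 100644
+--- a/azurelinuxagent/common/osutil/factory.py
++++ b/azurelinuxagent/common/osutil/factory.py
+@@ -98,7 +98,7 @@ def _get_osutil(distro_name, distro_code_name, distro_version, distro_full_name)
+
+return DebianOSBaseUtil()
+
+- if distro_name in ("redhat", "rhel", "centos", "oracle"):
++ if distro_name in ("redhat", "rhel", "centos", "oracle", "almalinux"):
+if Version(distro_version) < Version("7"):
+return Redhat6xOSUtil()
+
+diff --git a/azurelinuxagent/pa/rdma/factory.py b/azurelinuxagent/pa/rdma/factory.py
+index d86d8b8f49..e19f2fe918 100644
+--- a/azurelinuxagent/pa/rdma/factory.py
++++ b/azurelinuxagent/pa/rdma/factory.py
+@@ -38,7 +38,7 @@ def get_rdma_handler(
+):
+return SUSERDMAHandler()
+
+- if distro_full_name == 'CentOS Linux' or distro_full_name == 'CentOS' or distro_full_name == 'Red Hat Enterprise Linux Server':
++ if distro_full_name == 'CentOS Linux' or distro_full_name == 'CentOS' or distro_full_name == 'Red Hat Enterprise Linux Server' or distro_full_name == 'AlmaLinux':
+return CentOSRDMAHandler(distro_version)
+
+if distro_full_name == 'Ubuntu':
+diff --git a/setup.py b/setup.py
+index c258e4b878..8ebdde5e50 100755
+--- a/setup.py
++++ b/setup.py
+@@ -97,7 +97,7 @@ def get_data_files(name, version, fullname): # pylint: disable=R0912
+agent_bin_path = osutil.get_agent_bin_path()
+
+set_bin_files(data_files, dest=agent_bin_path)
+- if name == 'redhat' or name == 'centos': # pylint: disable=R1714
++ if name == 'redhat' or name == 'centos' or name == 'almalinux': # pylint: disable=R1714
+set_conf_files(data_files)
+set_logrotate_files(data_files)
+set_udev_files(data_files)
+
+From 74e3b01b6be8014c4da92c30d8ac7464cb2d381e Mon Sep 17 00:00:00 2001
+From: Aleksandr Kravchenko <akravchenko@cloudlinux.com>
+Date: Fri, 2 Apr 2021 16:06:56 +0300
+Subject: [PATCH 2/3] added test for AlmaLinux
+
+---
+tests/common/osutil/test_factory.py | 7 +++++++
+1 file changed, 7 insertions(+)
+
+diff --git a/tests/common/osutil/test_factory.py b/tests/common/osutil/test_factory.py
+index f7d46b21a4..4ab234131b 100644
+--- a/tests/common/osutil/test_factory.py
++++ b/tests/common/osutil/test_factory.py
+@@ -237,6 +237,13 @@ def test_get_osutil_it_should_return_redhat(self):
+self.assertTrue(isinstance(ret, RedhatOSUtil))
+self.assertEqual(ret.get_service_name(), "waagent")
+
++ ret = _get_osutil(distro_name="almalinux",
++ distro_code_name="",
++ distro_full_name="",
++ distro_version="8")
++ self.assertTrue(isinstance(ret, RedhatOSUtil))
++ self.assertEqual(ret.get_service_name(), "waagent")
++
+def test_get_osutil_it_should_return_euleros(self):
+ret = _get_osutil(distro_name="euleros",
+distro_code_name="",
+
+From c9eb420d4a6ce69d2c668deef273a446e73fe2d0 Mon Sep 17 00:00:00 2001
+From: Aleksandr Kravchenko <akravchenko@cloudlinux.com>
+Date: Thu, 20 May 2021 13:48:17 +0300
+Subject: [PATCH 3/3] improved
+
+---
+azurelinuxagent/pa/rdma/factory.py | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/azurelinuxagent/pa/rdma/factory.py b/azurelinuxagent/pa/rdma/factory.py
+index e19f2fe918..c6d808117b 100644
+--- a/azurelinuxagent/pa/rdma/factory.py
++++ b/azurelinuxagent/pa/rdma/factory.py
+@@ -38,7 +38,7 @@ def get_rdma_handler(
+):
+return SUSERDMAHandler()
+
+- if distro_full_name == 'CentOS Linux' or distro_full_name == 'CentOS' or distro_full_name == 'Red Hat Enterprise Linux Server' or distro_full_name == 'AlmaLinux':
++ if distro_full_name in ('CentOS Linux', 'CentOS', 'Red Hat Enterprise Linux Server', 'AlmaLinux'):
+return CentOSRDMAHandler(distro_version)
+
+if distro_full_name == 'Ubuntu':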
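Review bot: The new `'AlmaLinux'` case in get_rdma_handler (azurelinuxagent/pa/rdma/factory.py, patches 1/3 and 3/3) has no test in this series; the only added test, in patch 2/3, calls `_get_osutil` with `distro_full_name=""`, so neither the RDMA branch nor the setup.py branch is exercised. The RDMA check is an exact comparison on `distro_full_name`, so it depends on the precise string the distribution reports; a test that passes that full name to get_rdma_handler and asserts a CentOSRDMAHandler is returned would pin it. The subject of patch 3/3, `improved`, does not say what changed; something like `rdma: use tuple membership for distro_full_name check` would keep the history searchable.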
@ -13,5 +13,5 @@ depends() {
|
||||
# called by dracut
|
||||
install() {
|
||||
inst_multiple cut readlink chmod
|
||||
inst_rules 10-azure-unmanaged-sriov.rules 66-azure-storage.rules 99-azure-product-uuid.rules
|
||||
inst_rules 66-azure-storage.rules 99-azure-product-uuid.rules
|
||||
}
|
||||
|
||||
0
SOURCES/tpm2-luks-import.sh
Normal file → Executable file
@ -1,43 +0,0 @@
|
||||
From 92baa5663a0baa45e37243936221b0c1795ff324 Mon Sep 17 00:00:00 2001
|
||||
From: Ani Sinha <anisinha@redhat.com>
|
||||
Date: Mon, 6 May 2024 11:50:49 +0530
|
||||
Subject: Disable automatic log collector
|
||||
|
||||
RH-Author: Ani Sinha <anisinha@redhat.com>
|
||||
RH-MergeRequest: 11: Disable automatic log collector
|
||||
RH-Jira: RHEL-7273
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [1/1] 7a8002c626b45eb5e90fa0fe82694639d1e5b93d (anisinha/centos-wa-linux-agent)
|
||||
|
||||
Log collector is enabled by default. Due to security concerns from our customers
|
||||
disable it.
|
||||
|
||||
Jira: https://issues.redhat.com/browse/RHEL-7273
|
||||
Upstream: RHEL only.
|
||||
|
||||
Signed-off-by: Ani Sinha <anisinha@redhat.com>
|
||||
|
||||
Patch-name: wla-Disable-automatic-log-collector.patch
|
||||
Patch-id:
|
||||
Patch-present-in-specfile: True
|
||||
---
|
||||
config/waagent.conf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/config/waagent.conf b/config/waagent.conf
|
||||
index 3c9ad5d4..62d8148e 100644
|
||||
--- a/config/waagent.conf
|
||||
+++ b/config/waagent.conf
|
||||
@@ -70,7 +70,7 @@ Logs.Verbose=n
|
||||
# Logs.Console=y
|
||||
|
||||
# Enable periodic log collection, default is y
|
||||
-Logs.Collect=y
|
||||
+Logs.Collect=n
|
||||
|
||||
# How frequently to collect logs, default is each hour
|
||||
Logs.CollectPeriod=3600
|
||||
--
|
||||
2.39.3
|
||||
|
||||
@ -1,83 +0,0 @@
|
||||
From cbf30e0eebbedc5242d03f53d355113a53209635 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Patterson <cpatterson@microsoft.com>
|
||||
Date: Thu, 1 Sep 2022 10:45:47 -0400
|
||||
Subject: [PATCH] Jira: https://issues.redhat.com/browse/RHEL-134939
|
||||
|
||||
RH-Author: yuxisun <None>
|
||||
RH-MergeRequest: 25: waagent.service: set ConditionVirtualization=|microsoft
|
||||
RH-Jira: RHEL-134939
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [1/1] 95d939cb838949a4509bd9415873fbdc7e7191f3
|
||||
|
||||
waagent.service: set ConditionVirtualization=|microsoft
|
||||
|
||||
Only start waagent service when running under Microsoft virtualization.
|
||||
|
||||
Set it as a triggering condition to make it easier for downstreams or
|
||||
test setups to add another condition (i.e. run outside of hyperv).
|
||||
|
||||
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
||||
(cherry picked from commit 2d78c9ebaba4742390e92dc5994391949b90ec4c)
|
||||
|
||||
Downstream only
|
||||
|
||||
Signed-off-by: Yuxin Sun <yuxisun@redhat.com>
|
||||
---
|
||||
bin/waagent2.0 | 1 +
|
||||
init/redhat/py2/waagent.service | 1 +
|
||||
init/redhat/waagent.service | 1 +
|
||||
init/waagent.service | 1 +
|
||||
4 files changed, 4 insertions(+)
|
||||
|
||||
diff --git a/bin/waagent2.0 b/bin/waagent2.0
|
||||
index 34732677..c84c8c40 100644
|
||||
--- a/bin/waagent2.0
|
||||
+++ b/bin/waagent2.0
|
||||
@@ -1569,6 +1569,7 @@ After=network.target
|
||||
After=sshd.service
|
||||
ConditionFileIsExecutable=/usr/sbin/waagent
|
||||
ConditionPathExists=/etc/waagent.conf
|
||||
+ConditionVirtualization=|microsoft
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
diff --git a/init/redhat/py2/waagent.service b/init/redhat/py2/waagent.service
|
||||
index 920e0ec7..46254ec3 100644
|
||||
--- a/init/redhat/py2/waagent.service
|
||||
+++ b/init/redhat/py2/waagent.service
|
||||
@@ -5,6 +5,7 @@ After=network-online.target
|
||||
|
||||
ConditionFileIsExecutable=/usr/sbin/waagent
|
||||
ConditionPathExists=/etc/waagent.conf
|
||||
+ConditionVirtualization=|microsoft
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
diff --git a/init/redhat/waagent.service b/init/redhat/waagent.service
|
||||
index 2c6ac5d8..12d5feee 100644
|
||||
--- a/init/redhat/waagent.service
|
||||
+++ b/init/redhat/waagent.service
|
||||
@@ -5,6 +5,7 @@ After=network-online.target
|
||||
|
||||
ConditionFileIsExecutable=/usr/sbin/waagent
|
||||
ConditionPathExists=/etc/waagent.conf
|
||||
+ConditionVirtualization=|microsoft
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
diff --git a/init/waagent.service b/init/waagent.service
|
||||
index e91f1433..aa1f3203 100644
|
||||
--- a/init/waagent.service
|
||||
+++ b/init/waagent.service
|
||||
@@ -5,6 +5,7 @@ After=network-online.target
|
||||
|
||||
ConditionFileIsExecutable=/usr/sbin/waagent
|
||||
ConditionPathExists=/etc/waagent.conf
|
||||
+ConditionVirtualization=|microsoft
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
--
|
||||
2.52.0
|
||||
|
||||
@ -1,704 +0,0 @@
|
||||
From c446f444a897fc7094a5ce00bd77bb430c79d8ea Mon Sep 17 00:00:00 2001
|
||||
From: Norberto Arrieta <narrieta@users.noreply.github.com>
|
||||
Date: Tue, 4 Mar 2025 12:55:27 -0800
|
||||
Subject: [PATCH] Support for FIPS 140-3 (#3324)
|
||||
|
||||
RH-Author: yuxisun <None>
|
||||
RH-MergeRequest: 24: Support for FIPS 140-3 (#3324)
|
||||
RH-Jira: RHEL-124949
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [1/1] 3aadd91d56764017d13d8dc2cdada02551a7deff
|
||||
|
||||
Jira: https://issues.redhat.com/browse/RHEL-124949
|
||||
|
||||
When fetching certificates from WireServer, the Agent uses DES_EDE3_CBC. The PFX it receives has a MAC computed using PKCS12KDF. Both are deprecated on FIPS 140-3. This PR switches to AES128_CBC for communication with the WireServer (a subsequent PR will change it to AES256_CBC) and skips MAC verification when it is not needed. The changes also include some minor cleanup to remove data structures that are not used.
|
||||
|
||||
Upstream PR: https://github.com/Azure/WALinuxAgent/pull/3324
|
||||
|
||||
Signed-off-by: Yuxin Sun yuxisun@redhat.com
|
||||
---
|
||||
azurelinuxagent/common/event.py | 20 ++
|
||||
azurelinuxagent/common/protocol/goal_state.py | 216 +++++++++++-------
|
||||
azurelinuxagent/common/protocol/restapi.py | 24 --
|
||||
azurelinuxagent/common/protocol/wire.py | 18 +-
|
||||
azurelinuxagent/common/utils/cryptutil.py | 46 ++--
|
||||
azurelinuxagent/ga/update.py | 1 +
|
||||
tests/common/protocol/test_goal_state.py | 81 ++++++-
|
||||
tests/common/protocol/test_hostplugin.py | 35 ++-
|
||||
tests/common/protocol/test_wire.py | 8 +-
|
||||
tests/ga/test_update.py | 2 +-
|
||||
10 files changed, 275 insertions(+), 176 deletions(-)
|
||||
|
||||
diff --git a/azurelinuxagent/common/event.py b/azurelinuxagent/common/event.py
|
||||
index 6b9521ca..9b8a926e 100644
|
||||
--- a/azurelinuxagent/common/event.py
|
||||
+++ b/azurelinuxagent/common/event.py
|
||||
@@ -93,6 +93,7 @@ class WALAEventOperation:
|
||||
FetchGoalState = "FetchGoalState"
|
||||
Firewall = "Firewall"
|
||||
GoalState = "GoalState"
|
||||
+ GoalStateCertificates = "GoalStateCertificates"
|
||||
GoalStateUnsupportedFeatures = "GoalStateUnsupportedFeatures"
|
||||
HealthCheck = "HealthCheck"
|
||||
HealthObservation = "HealthObservation"
|
||||
@@ -733,6 +734,25 @@ def error(op, fmt, *args):
|
||||
add_event(op=op, message=fmt.format(*args), is_success=False, log_event=False)
|
||||
|
||||
|
||||
+class LogEvent(object):
|
||||
+ """
|
||||
+ Helper class that allows the use of info()/warn()/error() using a specific instance of a logger.
|
||||
+ """
|
||||
+ def __init__(self, logger_):
|
||||
+ self._logger = logger_
|
||||
+
|
||||
+ def info(self, op, fmt, *args):
|
||||
+ self._logger.info(fmt, *args)
|
||||
+ add_event(op=op, message=fmt.format(*args), is_success=True)
|
||||
+
|
||||
+ def warn(self, op, fmt, *args):
|
||||
+ self._logger.warn(fmt, *args)
|
||||
+ add_event(op=op, message="[WARNING] " + fmt.format(*args), is_success=False, log_event=False)
|
||||
+
|
||||
+ def error(self, op, fmt, *args):
|
||||
+ self._logger.error(fmt, *args)
|
||||
+ add_event(op=op, message=fmt.format(*args), is_success=False, log_event=False)
|
||||
+
|
||||
def add_log_event(level, message, forced=False, reporter=__event_logger__):
|
||||
"""
|
||||
:param level: LoggerLevel of the log event
|
||||
diff --git a/azurelinuxagent/common/protocol/goal_state.py b/azurelinuxagent/common/protocol/goal_state.py
|
||||
index f94f3ae5..2556cc73 100644
|
||||
--- a/azurelinuxagent/common/protocol/goal_state.py
|
||||
+++ b/azurelinuxagent/common/protocol/goal_state.py
|
||||
@@ -24,15 +24,14 @@ import json
|
||||
from azurelinuxagent.common import conf
|
||||
from azurelinuxagent.common import logger
|
||||
from azurelinuxagent.common.AgentGlobals import AgentGlobals
|
||||
-from azurelinuxagent.common.datacontract import set_properties
|
||||
-from azurelinuxagent.common.event import add_event, WALAEventOperation
|
||||
+from azurelinuxagent.common.event import add_event, WALAEventOperation, LogEvent
|
||||
from azurelinuxagent.common.exception import ProtocolError, ResourceGoneError
|
||||
from azurelinuxagent.common.future import ustr
|
||||
from azurelinuxagent.common.protocol.extensions_goal_state_factory import ExtensionsGoalStateFactory
|
||||
from azurelinuxagent.common.protocol.extensions_goal_state import VmSettingsParseError, GoalStateSource
|
||||
from azurelinuxagent.common.protocol.hostplugin import VmSettingsNotSupported, VmSettingsSupportStopped
|
||||
-from azurelinuxagent.common.protocol.restapi import Cert, CertList, RemoteAccessUser, RemoteAccessUsersList, ExtHandlerPackage, ExtHandlerPackageList
|
||||
-from azurelinuxagent.common.utils import fileutil
|
||||
+from azurelinuxagent.common.protocol.restapi import RemoteAccessUser, RemoteAccessUsersList, ExtHandlerPackage, ExtHandlerPackageList
|
||||
+from azurelinuxagent.common.utils import fileutil, shellutil
|
||||
from azurelinuxagent.common.utils.archive import GoalStateHistory, SHARED_CONF_FILE_NAME
|
||||
from azurelinuxagent.common.utils.cryptutil import CryptUtil
|
||||
from azurelinuxagent.common.utils.textutil import parse_doc, findall, find, findtext, getattrib, gettext
|
||||
@@ -41,6 +40,7 @@ from azurelinuxagent.common.utils.textutil import parse_doc, findall, find, find
|
||||
GOAL_STATE_URI = "http://{0}/machine/?comp=goalstate"
|
||||
CERTS_FILE_NAME = "Certificates.xml"
|
||||
P7M_FILE_NAME = "Certificates.p7m"
|
||||
+PFX_FILE_NAME = "Certificates.pfx"
|
||||
PEM_FILE_NAME = "Certificates.pem"
|
||||
TRANSPORT_CERT_FILE_NAME = "TransportCert.pem"
|
||||
TRANSPORT_PRV_FILE_NAME = "TransportPrivate.pem"
|
||||
@@ -282,16 +282,8 @@ class GoalState(object):
|
||||
self._check_and_download_missing_certs_on_disk()
|
||||
|
||||
def _download_certificates(self, certs_uri):
|
||||
- xml_text = self._wire_client.fetch_config(certs_uri, self._wire_client.get_header_for_cert())
|
||||
- certs = Certificates(xml_text, self.logger)
|
||||
- # Log and save the certificates summary (i.e. the thumbprint but not the certificate itself) to the goal state history
|
||||
- for c in certs.summary:
|
||||
- message = "Downloaded certificate {0}".format(c)
|
||||
- self.logger.info(message)
|
||||
- add_event(op=WALAEventOperation.GoalState, message=message)
|
||||
- if len(certs.warnings) > 0:
|
||||
- self.logger.warn(certs.warnings)
|
||||
- add_event(op=WALAEventOperation.GoalState, message=certs.warnings)
|
||||
+ certs = Certificates(self._wire_client, certs_uri, self.logger)
|
||||
+ # Save the certificates summary (i.e. the thumbprints but not the certificates themselves) to the goal state history
|
||||
if self._save_to_history:
|
||||
self._history.save_certificates(json.dumps(certs.summary))
|
||||
return certs
|
||||
@@ -511,31 +503,83 @@ class SharedConfig(object):
|
||||
self.xml_text = xml_text
|
||||
|
||||
|
||||
-class Certificates(object):
|
||||
- def __init__(self, xml_text, my_logger):
|
||||
- self.cert_list = CertList()
|
||||
- self.summary = [] # debugging info
|
||||
- self.warnings = []
|
||||
+class Certificates(LogEvent):
|
||||
+ def __init__(self, wire_client, uri, logger_):
|
||||
+ super(Certificates, self).__init__(logger_)
|
||||
+ self.summary = []
|
||||
+ self._crypt_util = CryptUtil(conf.get_openssl_cmd())
|
||||
|
||||
- # Save the certificates
|
||||
- local_file = os.path.join(conf.get_lib_dir(), CERTS_FILE_NAME)
|
||||
- fileutil.write_file(local_file, xml_text)
|
||||
+ try:
|
||||
+ pfx_file = self._download_certificates_pfx(wire_client, uri)
|
||||
+ if pfx_file is None: # The response from the WireServer may not have any certificates
|
||||
+ return
|
||||
|
||||
- # Separate the certificates into individual files.
|
||||
- xml_doc = parse_doc(xml_text)
|
||||
- data = findtext(xml_doc, "Data")
|
||||
- if data is None:
|
||||
- return
|
||||
+ try:
|
||||
+ pem_file = self._convert_certificates_pfx_to_pem(pfx_file)
|
||||
+ finally:
|
||||
+ self._remove_file(pfx_file)
|
||||
|
||||
- # if the certificates format is not Pkcs7BlobWithPfxContents do not parse it
|
||||
- certificate_format = findtext(xml_doc, "Format")
|
||||
- if certificate_format and certificate_format != "Pkcs7BlobWithPfxContents":
|
||||
- message = "The Format is not Pkcs7BlobWithPfxContents. Format is {0}".format(certificate_format)
|
||||
- my_logger.warn(message)
|
||||
- add_event(op=WALAEventOperation.GoalState, message=message)
|
||||
- return
|
||||
+ self.summary = self._extract_certificate(pem_file)
|
||||
+
|
||||
+ for c in self.summary:
|
||||
+ self.info(WALAEventOperation.GoalStateCertificates, "Downloaded certificate {0}", c)
|
||||
+
|
||||
+ except Exception as e:
|
||||
+ self.error(WALAEventOperation.GoalStateCertificates, "Error fetching the goal state certificates: {0}", ustr(e))
|
||||
+
|
||||
+ def _remove_file(self, file):
|
||||
+ if os.path.exists(file):
|
||||
+ try:
|
||||
+ os.remove(file)
|
||||
+ except Exception as e:
|
||||
+ self.warn(WALAEventOperation.GoalStateCertificates, "Failed to remove {0}: {1}", file, ustr(e))
|
||||
+
|
||||
+ def _download_certificates_pfx(self, wire_client, uri):
|
||||
+ """
|
||||
+ Downloads the certificates from the WireServer and saves them to a pfx file.
|
||||
+ Returns the full path of the pfx file, or None, if the WireServer response does not have a "Data" element
|
||||
+ """
|
||||
+ trans_prv_file = os.path.join(conf.get_lib_dir(), TRANSPORT_PRV_FILE_NAME)
|
||||
+ trans_cert_file = os.path.join(conf.get_lib_dir(), TRANSPORT_CERT_FILE_NAME)
|
||||
+ xml_file = os.path.join(conf.get_lib_dir(), CERTS_FILE_NAME)
|
||||
+ pfx_file = os.path.join(conf.get_lib_dir(), PFX_FILE_NAME)
|
||||
+
|
||||
+ for cypher in ["AES128_CBC", "DES_EDE3_CBC"]:
|
||||
+ headers = wire_client.get_headers_for_encrypted_request(cypher)
|
||||
+
|
||||
+ try:
|
||||
+ xml_text = wire_client.fetch_config(uri, headers)
|
||||
+ except Exception as e:
|
||||
+ self.warn(WALAEventOperation.GoalStateCertificates, "Error in Certificates request [cypher: {0}]: {1}", cypher, ustr(e))
|
||||
+ continue
|
||||
|
||||
- cryptutil = CryptUtil(conf.get_openssl_cmd())
|
||||
+ fileutil.write_file(xml_file, xml_text)
|
||||
+
|
||||
+ xml_doc = parse_doc(xml_text)
|
||||
+ data = findtext(xml_doc, "Data")
|
||||
+ if data is None:
|
||||
+ self.info(WALAEventOperation.GoalStateCertificates, "The Data element of the Certificates response is empty")
|
||||
+ return None
|
||||
+ certificate_format = findtext(xml_doc, "Format")
|
||||
+ if certificate_format and certificate_format != "Pkcs7BlobWithPfxContents":
|
||||
+ self.warn(WALAEventOperation.GoalStateCertificates, "The Certificates format is not Pkcs7BlobWithPfxContents; skipping. Format is {0}", certificate_format)
|
||||
+ return None
|
||||
+
|
||||
+ p7m_file = Certificates._create_p7m_file(data)
|
||||
+
|
||||
+ try:
|
||||
+ self._crypt_util.decrypt_certificates_p7m(p7m_file, trans_prv_file, trans_cert_file, pfx_file)
|
||||
+ except shellutil.CommandError as e:
|
||||
+ self.warn(WALAEventOperation.GoalState, "Error in transport decryption [cypher: {0}]: {1}", cypher, ustr(e))
|
||||
+ self._remove_file(pfx_file)
|
||||
+ continue
|
||||
+
|
||||
+ return pfx_file
|
||||
+
|
||||
+ raise Exception("Cannot download certificates using any of the supported cyphers")
|
||||
+
|
||||
+ @staticmethod
|
||||
+ def _create_p7m_file(data):
|
||||
p7m_file = os.path.join(conf.get_lib_dir(), P7M_FILE_NAME)
|
||||
p7m = ("MIME-Version:1.0\n" # pylint: disable=W1308
|
||||
"Content-Disposition: attachment; filename=\"{0}\"\n"
|
||||
@@ -543,68 +587,72 @@ class Certificates(object):
|
||||
"Content-Transfer-Encoding: base64\n"
|
||||
"\n"
|
||||
"{2}").format(p7m_file, p7m_file, data)
|
||||
-
|
||||
fileutil.write_file(p7m_file, p7m)
|
||||
+ return p7m_file
|
||||
|
||||
- trans_prv_file = os.path.join(conf.get_lib_dir(), TRANSPORT_PRV_FILE_NAME)
|
||||
- trans_cert_file = os.path.join(conf.get_lib_dir(), TRANSPORT_CERT_FILE_NAME)
|
||||
+ def _convert_certificates_pfx_to_pem(self, pfx_file):
|
||||
+ """
|
||||
+ Convert the pfx file to pem file.
|
||||
+ """
|
||||
pem_file = os.path.join(conf.get_lib_dir(), PEM_FILE_NAME)
|
||||
- # decrypt certificates
|
||||
- cryptutil.decrypt_p7m(p7m_file, trans_prv_file, trans_cert_file, pem_file)
|
||||
|
||||
+ for nomacver in [True, False]:
|
||||
+ try:
|
||||
+ self._crypt_util.convert_pfx_to_pem(pfx_file, nomacver, pem_file)
|
||||
+ return pem_file
|
||||
+ except shellutil.CommandError as e:
|
||||
+ self._remove_file(pem_file) # An error may leave an empty pem file, which can produce a failure on some versions of open SSL (e.g. 3.2.2) on the next invocation
|
||||
+ self.warn(WALAEventOperation.GoalState, "Error converting PFX to PEM [-nomacver: {0}]: {1}", nomacver, ustr(e))
|
||||
+ continue
|
||||
+
|
||||
+ raise Exception("Cannot convert PFX to PEM")
|
||||
+
|
||||
+ def _extract_certificate(self, pem_file):
|
||||
+ """
|
||||
+ Parse the certificates and private keys from the pem file and store them in the certificates directory.
|
||||
+ """
|
||||
# The parsing process use public key to match prv and crt.
|
||||
- buf = []
|
||||
- prvs = {}
|
||||
- thumbprints = {}
|
||||
+ private_keys = {} # map of private keys indexed by public key
|
||||
+ thumbprints = {} # map of thumbprints indexed by public key
|
||||
+ buffer = [] # buffer for reading lines belonging to a certificate or private key
|
||||
index = 0
|
||||
- v1_cert_list = []
|
||||
-
|
||||
- # Ensure pem_file exists before read the certs data since decrypt_p7m may clear the pem_file wen decryption fails
|
||||
- if os.path.exists(pem_file):
|
||||
- with open(pem_file) as pem:
|
||||
- for line in pem.readlines():
|
||||
- buf.append(line)
|
||||
- if re.match(r'[-]+END.*KEY[-]+', line):
|
||||
- tmp_file = Certificates._write_to_tmp_file(index, 'prv', buf)
|
||||
- pub = cryptutil.get_pubkey_from_prv(tmp_file)
|
||||
- prvs[pub] = tmp_file
|
||||
- buf = []
|
||||
- index += 1
|
||||
- elif re.match(r'[-]+END.*CERTIFICATE[-]+', line):
|
||||
- tmp_file = Certificates._write_to_tmp_file(index, 'crt', buf)
|
||||
- pub = cryptutil.get_pubkey_from_crt(tmp_file)
|
||||
- thumbprint = cryptutil.get_thumbprint_from_crt(tmp_file)
|
||||
- thumbprints[pub] = thumbprint
|
||||
- # Rename crt with thumbprint as the file name
|
||||
- crt = "{0}.crt".format(thumbprint)
|
||||
- v1_cert_list.append({
|
||||
- "name": None,
|
||||
- "thumbprint": thumbprint
|
||||
- })
|
||||
- os.rename(tmp_file, os.path.join(conf.get_lib_dir(), crt))
|
||||
- buf = []
|
||||
- index += 1
|
||||
+
|
||||
+ with open(pem_file) as pem:
|
||||
+ for line in pem.readlines():
|
||||
+ buffer.append(line)
|
||||
+ if re.match(r'[-]+END.*KEY[-]+', line):
|
||||
+ tmp_file = Certificates._write_to_tmp_file(index, 'prv', buffer)
|
||||
+ pub = self._crypt_util.get_pubkey_from_prv(tmp_file)
|
||||
+ private_keys[pub] = tmp_file
|
||||
+ buffer = []
|
||||
+ index += 1
|
||||
+ elif re.match(r'[-]+END.*CERTIFICATE[-]+', line):
|
||||
+ tmp_file = Certificates._write_to_tmp_file(index, 'crt', buffer)
|
||||
+ pub = self._crypt_util.get_pubkey_from_crt(tmp_file)
|
||||
+ thumbprint = self._crypt_util.get_thumbprint_from_crt(tmp_file)
|
||||
+ thumbprints[pub] = thumbprint
|
||||
+ # Rename crt with thumbprint as the file name
|
||||
+ crt = "{0}.crt".format(thumbprint)
|
||||
+ os.rename(tmp_file, os.path.join(conf.get_lib_dir(), crt))
|
||||
+ buffer = []
|
||||
+ index += 1
|
||||
|
||||
# Rename prv key with thumbprint as the file name
|
||||
- for pubkey in prvs:
|
||||
+ for pubkey in private_keys:
|
||||
thumbprint = thumbprints[pubkey]
|
||||
if thumbprint:
|
||||
- tmp_file = prvs[pubkey]
|
||||
+ tmp_file = private_keys[pubkey]
|
||||
prv = "{0}.prv".format(thumbprint)
|
||||
os.rename(tmp_file, os.path.join(conf.get_lib_dir(), prv))
|
||||
else:
|
||||
- # Since private key has *no* matching certificate,
|
||||
- # it will not be named correctly
|
||||
- self.warnings.append("Found NO matching cert/thumbprint for private key!")
|
||||
+ # Since private key has *no* matching certificate, it will not be named correctly
|
||||
+ self.warn(WALAEventOperation.GoalState, "Found a private key with no matching cert/thumbprint!")
|
||||
|
||||
+ certificates = []
|
||||
for pubkey, thumbprint in thumbprints.items():
|
||||
- has_private_key = pubkey in prvs
|
||||
- self.summary.append({"thumbprint": thumbprint, "hasPrivateKey": has_private_key})
|
||||
-
|
||||
- for v1_cert in v1_cert_list:
|
||||
- cert = Cert()
|
||||
- set_properties("certs", cert, v1_cert)
|
||||
- self.cert_list.certificates.append(cert)
|
||||
+ has_private_key = pubkey in private_keys
|
||||
+ certificates.append({"thumbprint": thumbprint, "hasPrivateKey": has_private_key})
|
||||
+ return certificates
|
||||
|
||||
@staticmethod
|
||||
def _write_to_tmp_file(index, suffix, buf):
|
||||
@@ -614,9 +662,7 @@ class Certificates(object):
|
||||
|
||||
class EmptyCertificates:
|
||||
def __init__(self):
|
||||
- self.cert_list = CertList()
|
||||
- self.summary = [] # debugging info
|
||||
- self.warnings = []
|
||||
+ self.summary = []
|
||||
|
||||
class RemoteAccess(object):
|
||||
"""
|
||||
diff --git a/azurelinuxagent/common/protocol/restapi.py b/azurelinuxagent/common/protocol/restapi.py
|
||||
index 54e020c1..7e563b4a 100644
|
||||
--- a/azurelinuxagent/common/protocol/restapi.py
|
||||
+++ b/azurelinuxagent/common/protocol/restapi.py
|
||||
@@ -43,30 +43,6 @@ class VMInfo(DataContract):
|
||||
self.tenantName = tenantName
|
||||
|
||||
|
||||
-class CertificateData(DataContract):
|
||||
- def __init__(self, certificateData=None):
|
||||
- self.certificateData = certificateData
|
||||
-
|
||||
-
|
||||
-class Cert(DataContract):
|
||||
- def __init__(self,
|
||||
- name=None,
|
||||
- thumbprint=None,
|
||||
- certificateDataUri=None,
|
||||
- storeName=None,
|
||||
- storeLocation=None):
|
||||
- self.name = name
|
||||
- self.thumbprint = thumbprint
|
||||
- self.certificateDataUri = certificateDataUri
|
||||
- self.storeLocation = storeLocation
|
||||
- self.storeName = storeName
|
||||
-
|
||||
-
|
||||
-class CertList(DataContract):
|
||||
- def __init__(self):
|
||||
- self.certificates = DataContractList(Cert)
|
||||
-
|
||||
-
|
||||
class VMAgentFamily(object):
|
||||
def __init__(self, name):
|
||||
self.name = name
|
||||
diff --git a/azurelinuxagent/common/protocol/wire.py b/azurelinuxagent/common/protocol/wire.py
|
||||
index 00a01f09..0277b7f0 100644
|
||||
--- a/azurelinuxagent/common/protocol/wire.py
|
||||
+++ b/azurelinuxagent/common/protocol/wire.py
|
||||
@@ -115,8 +115,7 @@ class WireProtocol(DataContract):
|
||||
return vminfo
|
||||
|
||||
def get_certs(self):
|
||||
- certificates = self.client.get_certs()
|
||||
- return certificates.cert_list
|
||||
+ return self.client.get_certs()
|
||||
|
||||
def get_goal_state(self):
|
||||
return self.client.get_goal_state()
|
||||
@@ -1140,13 +1139,11 @@ class WireClient(object):
|
||||
"Content-Type": "text/xml;charset=utf-8"
|
||||
}
|
||||
|
||||
- def get_header_for_cert(self):
|
||||
- return self._get_header_for_encrypted_request("DES_EDE3_CBC")
|
||||
-
|
||||
def get_header_for_remote_access(self):
|
||||
- return self._get_header_for_encrypted_request("AES128_CBC")
|
||||
+ return self.get_headers_for_encrypted_request("AES128_CBC")
|
||||
|
||||
- def _get_header_for_encrypted_request(self, cypher):
|
||||
+ @staticmethod
|
||||
+ def get_headers_for_encrypted_request(cypher):
|
||||
trans_cert_file = os.path.join(conf.get_lib_dir(), TRANSPORT_CERT_FILE_NAME)
|
||||
try:
|
||||
content = fileutil.read_file(trans_cert_file)
|
||||
@@ -1154,12 +1151,15 @@ class WireClient(object):
|
||||
raise ProtocolError("Failed to read {0}: {1}".format(trans_cert_file, e))
|
||||
|
||||
cert = get_bytes_from_pem(content)
|
||||
- return {
|
||||
+ headers = {
|
||||
"x-ms-agent-name": "WALinuxAgent",
|
||||
"x-ms-version": PROTOCOL_VERSION,
|
||||
- "x-ms-cipher-name": cypher,
|
||||
"x-ms-guest-agent-public-x509-cert": cert
|
||||
}
|
||||
+ if cypher is not None: # the cypher header is optional, currently defaults to AES128_CBC
|
||||
+ headers["x-ms-cipher-name"] = cypher
|
||||
+
|
||||
+ return headers
|
||||
|
||||
def get_host_plugin(self):
|
||||
if self._host_plugin is None:
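Review bot: `get_headers_for_encrypted_request` now accepts `cypher=None` and then omits `x-ms-cipher-name`, but the only record of that contract is the trailing comment on the `if` line. The method has also become a public static one (its signature is in the previous hunk), so it should carry a docstring saying that `None` leaves the cipher choice to the server and that callers must not assume which cipher protected the response. Something like `"""Return the headers for an encrypted request; when cypher is None the x-ms-cipher-name header is omitted and the server picks its default."""` would do. The tests later in this patch show `DES_EDE3_CBC` still requested as a fallback, so the docstring is also a good place to mark it as the legacy option.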
|
||||
diff --git a/azurelinuxagent/common/utils/cryptutil.py b/azurelinuxagent/common/utils/cryptutil.py
|
||||
index 00126e25..789a9486 100644
|
||||
--- a/azurelinuxagent/common/utils/cryptutil.py
|
||||
+++ b/azurelinuxagent/common/utils/cryptutil.py
|
||||
@@ -86,36 +86,22 @@ class CryptUtil(object):
|
||||
thumbprint = thumbprint.rstrip().split('=')[1].replace(':', '').upper()
|
||||
return thumbprint
|
||||
|
||||
- def decrypt_p7m(self, p7m_file, trans_prv_file, trans_cert_file, pem_file):
|
||||
-
|
||||
- def _cleanup_files(files_to_cleanup):
|
||||
- for file_path in files_to_cleanup:
|
||||
- if os.path.exists(file_path):
|
||||
- try:
|
||||
- os.remove(file_path)
|
||||
- logger.info("Removed file {0}", file_path)
|
||||
- except Exception as e:
|
||||
- logger.error("Failed to remove file {0}: {1}", file_path, ustr(e))
|
||||
-
|
||||
- if not os.path.exists(p7m_file):
|
||||
- raise IOError(errno.ENOENT, "File not found", p7m_file)
|
||||
- elif not os.path.exists(trans_prv_file):
|
||||
- raise IOError(errno.ENOENT, "File not found", trans_prv_file)
|
||||
- else:
|
||||
- try:
|
||||
- shellutil.run_pipe([
|
||||
- [self.openssl_cmd, "cms", "-decrypt", "-in", p7m_file, "-inkey", trans_prv_file, "-recip", trans_cert_file],
|
||||
- [self.openssl_cmd, "pkcs12", "-nodes", "-password", "pass:", "-out", pem_file]])
|
||||
- except shellutil.CommandError as command_error:
|
||||
- logger.error("Failed to decrypt {0} (return code: {1})\n[stdout]\n{2}\n[stderr]\n{3}",
|
||||
- p7m_file, command_error.returncode, command_error.stdout, command_error.stderr)
|
||||
- # If the decryption fails, old version of openssl overwrite the output file(if exist) with empty data while
|
||||
- # new version of openssl(3.2.2) does not overwrite the output file, So output file may contain old certs data.
|
||||
- # Correcting the behavior by removing the temporary output files since having empty/no data is makes sense when decryption fails
|
||||
- # otherwise we end up processing old certs again.
|
||||
- files_to_remove = [p7m_file, pem_file]
|
||||
- logger.info("Removing temporary state certificate files {0}", files_to_remove)
|
||||
- _cleanup_files(files_to_remove)
|
||||
+ def decrypt_certificates_p7m(self, p7m_file, trans_prv_file, trans_cert_file, pfx_file):
|
||||
+ umask = None
|
||||
+ try:
|
||||
+ umask = os.umask(0o077)
|
||||
+ with open(pfx_file, "wb") as pfx_file_:
|
||||
+ shellutil.run_command([self.openssl_cmd, "cms", "-decrypt", "-in", p7m_file, "-inkey", trans_prv_file, "-recip", trans_cert_file], stdout=pfx_file_)
|
||||
+ finally:
|
||||
+ if umask is not None:
|
||||
+ os.umask(umask)
|
||||
+
|
||||
+ def convert_pfx_to_pem(self, pfx_file, nomacver, pem_file):
|
||||
+ command = [self.openssl_cmd, "pkcs12", "-nodes", "-password", "pass:", "-in", pfx_file, "-out", pem_file]
|
||||
+ if nomacver:
|
||||
+ command.append("-nomacver")
|
||||
+
|
||||
+ shellutil.run_command(command)
|
||||
|
||||
def crt_to_ssh(self, input_file, output_file):
|
||||
with open(output_file, "ab") as file_out:
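Review bot: In `decrypt_certificates_p7m` the `os.umask(0o077)` guard only affects a file that is newly created. If `pfx_file` already exists with wider permissions, `open(pfx_file, "wb")` truncates it and keeps the old mode, and the umask is changed process-wide for as long as openssl runs. Opening the file with an explicit owner-only mode and forcing that mode on the descriptor covers both cases without touching the umask. The output is also truncated before openssl starts, so a failed decrypt leaves an empty or partial PFX behind unless the caller removes it; the removed `decrypt_p7m` did that cleanup itself, and the caller is outside this hunk, so this should be confirmed there. `convert_pfx_to_pem` writes unencrypted keys (`-nodes`) to `pem_file` and relies on openssl or the ambient umask for that file's mode.

```python
    def decrypt_certificates_p7m(self, p7m_file, trans_prv_file, trans_cert_file, pfx_file):
        # Create (or truncate) the PFX as owner-only without changing the process-wide umask
        fd = os.open(pfx_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as pfx_file_:
            # the mode given to os.open() is ignored when the file already exists
            os.fchmod(pfx_file_.fileno(), 0o600)
            shellutil.run_command([self.openssl_cmd, "cms", "-decrypt", "-in", p7m_file, "-inkey", trans_prv_file, "-recip", trans_cert_file], stdout=pfx_file_)
    # … unchanged: convert_pfx_to_pem …
```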
|
||||
diff --git a/azurelinuxagent/ga/update.py b/azurelinuxagent/ga/update.py
|
||||
index 7ab19101..f806ff26 100644
|
||||
--- a/azurelinuxagent/ga/update.py
|
||||
+++ b/azurelinuxagent/ga/update.py
|
||||
@@ -85,6 +85,7 @@ READONLY_FILE_GLOBS = [
|
||||
"*.p7m",
|
||||
"*.pem",
|
||||
"*.prv",
|
||||
+ "Certificates.xml",
|
||||
"ovf-env.xml"
|
||||
]
|
||||
|
||||
diff --git a/tests/common/protocol/test_goal_state.py b/tests/common/protocol/test_goal_state.py
|
||||
index a5f89587..9b70ce05 100644
|
||||
--- a/tests/common/protocol/test_goal_state.py
|
||||
+++ b/tests/common/protocol/test_goal_state.py
|
||||
@@ -6,6 +6,7 @@ import datetime
|
||||
import glob
|
||||
import os
|
||||
import re
|
||||
+import subprocess
|
||||
import shutil
|
||||
import time
|
||||
|
||||
@@ -492,9 +493,85 @@ class GoalStateTestCase(AgentTestCase, HttpRequestPredicates):
|
||||
|
||||
goal_state = GoalState(protocol.client)
|
||||
|
||||
- self.assertEqual(0, len(goal_state.certs.summary), "Cert list should be empty")
|
||||
- self.assertEqual(1, http_get_handler.certificate_requests, "There should have been exactly 1 requests for the goal state certificates")
|
||||
+ self.assertEqual(0, len(goal_state.certs.summary), "Certificates should be empty")
|
||||
+ self.assertEqual(2, http_get_handler.certificate_requests, "There should have been exactly 2 requests for the goal state certificates") # 1 for the initial request, 1 for the retry with an older cypher
|
||||
|
||||
+ def test_goal_state_should_try_legacy_cypher_and_then_fail_when_no_cyphers_are_supported_by_the_wireserver(self):
|
||||
+ cyphers = []
|
||||
+ def http_get_handler(url, *_, **kwargs):
|
||||
+ if HttpRequestPredicates.is_certificates_request(url):
|
||||
+ cypher = kwargs["headers"].get("x-ms-cipher-name")
|
||||
+ if cypher is None:
|
||||
+ raise Exception("x-ms-cipher-name header is missing from the Certificates request")
|
||||
+ cyphers.append(cypher)
|
||||
+ return MockHttpResponse(status=400, body="unsupported cypher: {0}".format(cypher).encode('utf-8'))
|
||||
+ return None
|
||||
+
|
||||
+ with mock_wire_protocol(wire_protocol_data.DATA_FILE) as protocol:
|
||||
+ with patch("azurelinuxagent.common.event.LogEvent.error") as log_error_patch:
|
||||
+ protocol.set_http_handlers(http_get_handler=http_get_handler)
|
||||
+ goal_state = GoalState(protocol.client)
|
||||
+
|
||||
+ log_error_args, _ = log_error_patch.call_args
|
||||
+
|
||||
+ self.assertEqual(cyphers, ["AES128_CBC", "DES_EDE3_CBC"], "There should have been 2 requests for the goal state certificates (AES128_CBC and DES_EDE3_CBC)")
|
||||
+ self.assertEqual(log_error_args[0], "GoalStateCertificates", "An error fetching the goal state Certificates should have been reported")
|
||||
+ self.assertEqual(0, len(goal_state.certs.summary), "Certificates should be empty")
|
||||
+ self.assertFalse(os.path.exists(os.path.join(conf.get_lib_dir(), "Certificates.pfx")), "The Certificates.pfx file should not have been created")
|
||||
+
|
||||
+ def test_goal_state_should_try_legacy_cypher_and_then_fail_when_no_cyphers_are_supported_by_openssl(self):
|
||||
+ cyphers = []
|
||||
+ def http_get_handler(url, *_, **kwargs):
|
||||
+ if HttpRequestPredicates.is_certificates_request(url):
|
||||
+ cyphers.append(kwargs["headers"].get("x-ms-cipher-name"))
|
||||
+ return None
|
||||
+
|
||||
+ original_popen = subprocess.Popen
|
||||
+ openssl = conf.get_openssl_cmd()
|
||||
+ decrypt_calls = []
|
||||
+ def mock_fail_popen(command, *args, **kwargs):
|
||||
+ if len(command) > 3 and command[0:3] == [openssl, "cms", "-decrypt"]:
|
||||
+ decrypt_calls.append(command)
|
||||
+ command[1] = "fake_openssl_command" # force an error on the openssl to simulate a decryption failure
|
||||
+ return original_popen(command, *args, **kwargs)
|
||||
+
|
||||
+ with mock_wire_protocol(wire_protocol_data.DATA_FILE) as protocol:
|
||||
+ protocol.set_http_handlers(http_get_handler=http_get_handler)
|
||||
+ with patch("azurelinuxagent.common.event.LogEvent.error") as log_error_patch:
|
||||
+ with patch("azurelinuxagent.ga.cgroupapi.subprocess.Popen", mock_fail_popen):
|
||||
+ goal_state = GoalState(protocol.client)
|
||||
+
|
||||
+ log_error_args, _ = log_error_patch.call_args
|
||||
+
|
||||
+ self.assertEqual(cyphers, ["AES128_CBC", "DES_EDE3_CBC"], "There should have been 2 requests for the goal state certificates (AES128_CBC and DES_EDE3_CBC)")
|
||||
+ self.assertEqual(2, len(decrypt_calls), "There should have been 2 calls to 'openssl cms -decrypt'")
|
||||
+ self.assertEqual(log_error_args[0], "GoalStateCertificates", "An error fetching the goal state Certificates should have been reported")
|
||||
+ self.assertEqual(0, len(goal_state.certs.summary), "Certificates should be empty")
|
||||
+ self.assertFalse(os.path.exists(os.path.join(conf.get_lib_dir(), "Certificates.pfx")), "The Certificates.pfx file should not have been created")
|
||||
+
|
||||
+ def test_goal_state_should_try_without_and_with_mac_verification_then_fail_when_the_pfx_cannot_be_converted(self):
|
||||
+ original_popen = subprocess.Popen
|
||||
+ openssl = conf.get_openssl_cmd()
|
||||
+ nomacver = []
|
||||
+
|
||||
+ def mock_fail_popen(command, *args, **kwargs):
|
||||
+ if len(command) > 2 and command[0] == openssl and command[1] == "pkcs12":
|
||||
+ nomacver.append("-nomacver" in command)
|
||||
+ # force an error on the openssl to simulate the conversion failure
|
||||
+ command[1] = "fake_openssl_command"
|
||||
+ return original_popen(command, *args, **kwargs)
|
||||
+
|
||||
+
|
||||
+ with mock_wire_protocol(wire_protocol_data.DATA_FILE) as protocol:
|
||||
+ with patch("azurelinuxagent.common.event.LogEvent.error") as log_error_patch:
|
||||
+ with patch("azurelinuxagent.ga.cgroupapi.subprocess.Popen", mock_fail_popen):
|
||||
+ goal_state = GoalState(protocol.client)
|
||||
+
|
||||
+ log_error_args, _ = log_error_patch.call_args
|
||||
+
|
||||
+ self.assertEqual(nomacver, [True, False], "There should have been 2 attempts to parse the PFX (with and without -nomacver)")
|
||||
+ self.assertEqual(log_error_args[0], "GoalStateCertificates", "An error fetching the goal state Certificates should have been reported")
|
||||
+ self.assertEqual(0, len(goal_state.certs.summary), "Certificates should be empty")
|
||||
|
||||
def test_it_should_raise_when_goal_state_properties_not_initialized(self):
|
||||
with GoalStateTestCase._create_protocol_ws_and_hgap_in_sync() as protocol:
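Review bot: `test_goal_state_should_try_without_and_with_mac_verification_then_fail_when_the_pfx_cannot_be_converted` pins the order `[True, False]`, so the first `openssl pkcs12` attempt passes `-nomacver` and skips the PKCS#12 integrity check, with the verifying attempt only as the retry. Neither the test nor its assertion message says why. If the order is deliberate (presumably for PFX files whose MAC the local openssl cannot verify), a comment next to the assertion such as `# -nomacver is tried first because <reason>; the retry verifies the MAC` would keep a later reader from treating it as an accident. Separately, all three new tests unpack `log_error_patch.call_args` directly, which raises a TypeError instead of a readable failure when no error was logged. Adding `self.assertTrue(log_error_patch.called, "An error should have been reported")` before each unpack would fix that.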
|
||||
diff --git a/tests/common/protocol/test_hostplugin.py b/tests/common/protocol/test_hostplugin.py
|
||||
index 4c97c73f..7d94139b 100644
|
||||
--- a/tests/common/protocol/test_hostplugin.py
|
||||
+++ b/tests/common/protocol/test_hostplugin.py
|
||||
@@ -365,8 +365,7 @@ class TestHostPlugin(HttpRequestPredicates, AgentTestCase):
|
||||
# ensure host plugin is not set as default
|
||||
self.assertFalse(wire.HostPluginProtocol.is_default_channel)
|
||||
|
||||
- @patch("azurelinuxagent.common.event.add_event")
|
||||
- def test_put_status_error_reporting(self, patch_add_event):
|
||||
+ def test_put_status_error_reporting(self):
|
||||
"""
|
||||
Validate the telemetry when uploading status fails
|
||||
"""
|
||||
@@ -377,22 +376,22 @@ class TestHostPlugin(HttpRequestPredicates, AgentTestCase):
|
||||
|
||||
put_error = wire.HttpError("put status http error")
|
||||
with patch.object(restutil, "http_put", side_effect=put_error):
|
||||
- with patch.object(wire.HostPluginProtocol,
|
||||
- "ensure_initialized", return_value=True):
|
||||
- self.assertRaises(wire.ProtocolError, wire_protocol_client.upload_status_blob)
|
||||
-
|
||||
- # The agent tries to upload via HostPlugin and that fails due to
|
||||
- # http_put having a side effect of "put_error"
|
||||
- #
|
||||
- # The agent tries to upload using a direct connection, and that succeeds.
|
||||
- self.assertEqual(1, wire_protocol_client.status_blob.upload.call_count) # pylint: disable=no-member
|
||||
- # The agent never touches the default protocol is this code path, so no change.
|
||||
- self.assertFalse(wire.HostPluginProtocol.is_default_channel)
|
||||
- # The agent never logs telemetry event for direct fallback
|
||||
- self.assertEqual(1, patch_add_event.call_count)
|
||||
- self.assertEqual('ReportStatus', patch_add_event.call_args[1]['op'])
|
||||
- self.assertTrue('Falling back to direct' in patch_add_event.call_args[1]['message'])
|
||||
- self.assertEqual(True, patch_add_event.call_args[1]['is_success'])
|
||||
+ with patch.object(wire.HostPluginProtocol, "ensure_initialized", return_value=True):
|
||||
+ with patch("azurelinuxagent.common.event.add_event") as patch_add_event:
|
||||
+ self.assertRaises(wire.ProtocolError, wire_protocol_client.upload_status_blob)
|
||||
+
|
||||
+ # The agent tries to upload via HostPlugin and that fails due to
|
||||
+ # http_put having a side effect of "put_error"
|
||||
+ #
|
||||
+ # The agent tries to upload using a direct connection, and that succeeds.
|
||||
+ self.assertEqual(1, wire_protocol_client.status_blob.upload.call_count) # pylint: disable=no-member
|
||||
+ # The agent never touches the default protocol is this code path, so no change.
|
||||
+ self.assertFalse(wire.HostPluginProtocol.is_default_channel)
|
||||
+ # The agent never logs telemetry event for direct fallback
|
||||
+ self.assertEqual(1, patch_add_event.call_count)
|
||||
+ self.assertEqual('ReportStatus', patch_add_event.call_args[1]['op'])
|
||||
+ self.assertTrue('Falling back to direct' in patch_add_event.call_args[1]['message'])
|
||||
+ self.assertEqual(True, patch_add_event.call_args[1]['is_success'])
|
||||
|
||||
def test_validate_http_request_when_uploading_status(self):
|
||||
"""Validate correct set of data is sent to HostGAPlugin when reporting VM status"""
|
||||
diff --git a/tests/common/protocol/test_wire.py b/tests/common/protocol/test_wire.py
|
||||
index c3dc9461..bec4634f 100644
|
||||
--- a/tests/common/protocol/test_wire.py
|
||||
+++ b/tests/common/protocol/test_wire.py
|
||||
@@ -497,12 +497,6 @@ class TestWireProtocol(AgentTestCase, HttpRequestPredicates):
|
||||
client.report_event(self._get_telemetry_events_generator(event_list), flush=True)
|
||||
self.assertEqual(mock_http_request.call_count, 3)
|
||||
|
||||
- def test_get_header_for_cert_should_use_triple_des(self, *_):
|
||||
- with mock_wire_protocol(wire_protocol_data.DATA_FILE) as protocol:
|
||||
- headers = protocol.client.get_header_for_cert()
|
||||
- self.assertIn("x-ms-cipher-name", headers)
|
||||
- self.assertEqual(headers["x-ms-cipher-name"], "DES_EDE3_CBC", "Unexpected x-ms-cipher-name")
|
||||
-
|
||||
def test_get_header_for_remote_access_should_use_aes128(self, *_):
|
||||
with mock_wire_protocol(wire_protocol_data.DATA_FILE) as protocol:
|
||||
headers = protocol.client.get_header_for_remote_access()
|
||||
@@ -1096,7 +1090,7 @@ class UpdateGoalStateTestCase(HttpRequestPredicates, AgentTestCase):
|
||||
self.assertEqual(protocol.client.get_hosting_env().deployment_name, new_hosting_env_deployment_name)
|
||||
self.assertEqual(protocol.client.get_shared_conf().xml_text, new_shared_conf)
|
||||
self.assertEqual(sequence_number, new_sequence_number)
|
||||
- self.assertEqual(len(protocol.client.get_certs().cert_list.certificates), 0)
|
||||
+ self.assertEqual(len(protocol.client.get_certs().summary), 0)
|
||||
|
||||
self.assertEqual(protocol.client.get_host_plugin().container_id, new_container_id)
|
||||
self.assertEqual(protocol.client.get_host_plugin().role_config_name, new_role_config_name)
|
||||
diff --git a/tests/ga/test_update.py b/tests/ga/test_update.py
|
||||
index 167e69dc..376e9fc0 100644
|
||||
--- a/tests/ga/test_update.py
|
||||
+++ b/tests/ga/test_update.py
|
||||
@@ -2059,7 +2059,7 @@ class TryUpdateGoalStateTestCase(HttpRequestPredicates, AgentTestCase):
|
||||
# Double check the certificates are correct
|
||||
goal_state = protocol.get_goal_state()
|
||||
|
||||
- thumbprints = [c.thumbprint for c in goal_state.certs.cert_list.certificates]
|
||||
+ thumbprints = [c["thumbprint"] for c in goal_state.certs.summary]
|
||||
|
||||
for extension in goal_state.extensions_goal_state.extensions:
|
||||
for settings in extension.settings:
|
||||
--
|
||||
2.51.1
|
||||
|
||||
@ -0,0 +1,107 @@
|
||||
From 1671c696f3b0f51e3e317b50aabc5dc84be4ca01 Mon Sep 17 00:00:00 2001
|
||||
From: Mohammed Gamal <mgamal@redhat.com>
|
||||
Date: Wed, 3 Aug 2022 13:23:19 +0200
|
||||
Subject: [PATCH 2/2] Update Log Collector default in Comments and Readme
|
||||
(#2608)
|
||||
|
||||
RH-Author: Mohamed Gamal Morsy <mmorsy@redhat.com>
|
||||
RH-MergeRequest: 4: Update Log Collector default in Comments and Readme
|
||||
RH-Commit: [1/1] 2f249d80b7136a0e3dbacb34a75c56454b95b8c2
|
||||
RH-Bugzilla: 2093965
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2093965
|
||||
|
||||
(cherry picked from commit a560872bec103523e73ddcb5fb5705896545ffce)
|
||||
|
||||
Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
|
||||
---
|
||||
README.md | 2 +-
|
||||
config/debian/waagent.conf | 2 +-
|
||||
config/suse/waagent.conf | 2 +-
|
||||
config/ubuntu/waagent.conf | 2 +-
|
||||
config/waagent.conf | 2 +-
|
||||
tests/data/test_waagent.conf | 2 +-
|
||||
6 files changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/README.md b/README.md
|
||||
index c69f43e6..f2f3db46 100644
|
||||
--- a/README.md
|
||||
+++ b/README.md
|
||||
@@ -465,7 +465,7 @@ _Default: y_
|
||||
|
||||
If set, agent logs will be periodically collected and uploaded to a secure location for improved supportability.
|
||||
|
||||
-NOTE: This feature is only supported ubuntu 16.04+; this flag will not take effect on any other distro.
|
||||
+NOTE: This feature relies on the agent's resource usage features (cgroups); this flag will not take effect on any distro not supported.
|
||||
|
||||
#### __Logs.CollectPeriod__
|
||||
|
||||
diff --git a/config/debian/waagent.conf b/config/debian/waagent.conf
|
||||
index 6bc36604..dfd7afcd 100644
|
||||
--- a/config/debian/waagent.conf
|
||||
+++ b/config/debian/waagent.conf
|
||||
@@ -63,7 +63,7 @@ Logs.Verbose=n
|
||||
# Enable Console logging, default is y
|
||||
# Logs.Console=y
|
||||
|
||||
-# Enable periodic log collection, default is n
|
||||
+# Enable periodic log collection, default is y
|
||||
Logs.Collect=y
|
||||
|
||||
# How frequently to collect logs, default is each hour
|
||||
diff --git a/config/suse/waagent.conf b/config/suse/waagent.conf
|
||||
index ac9f11a2..c617f9af 100644
|
||||
--- a/config/suse/waagent.conf
|
||||
+++ b/config/suse/waagent.conf
|
||||
@@ -66,7 +66,7 @@ Logs.Verbose=n
|
||||
# Enable Console logging, default is y
|
||||
# Logs.Console=y
|
||||
|
||||
-# Enable periodic log collection, default is n
|
||||
+# Enable periodic log collection, default is y
|
||||
Logs.Collect=y
|
||||
|
||||
# How frequently to collect logs, default is each hour
|
||||
diff --git a/config/ubuntu/waagent.conf b/config/ubuntu/waagent.conf
|
||||
index 63635a81..19b56bae 100644
|
||||
--- a/config/ubuntu/waagent.conf
|
||||
+++ b/config/ubuntu/waagent.conf
|
||||
@@ -66,7 +66,7 @@ Logs.Verbose=n
|
||||
# Enable Console logging, default is y
|
||||
# Logs.Console=y
|
||||
|
||||
-# Enable periodic log collection, default is n
|
||||
+# Enable periodic log collection, default is y
|
||||
Logs.Collect=y
|
||||
|
||||
# How frequently to collect logs, default is each hour
|
||||
diff --git a/config/waagent.conf b/config/waagent.conf
|
||||
index c7d10e2f..14cd01c8 100644
|
||||
--- a/config/waagent.conf
|
||||
+++ b/config/waagent.conf
|
||||
@@ -72,7 +72,7 @@ Logs.Verbose=n
|
||||
# Enable Console logging, default is y
|
||||
# Logs.Console=y
|
||||
|
||||
-# Enable periodic log collection, default is n
|
||||
+# Enable periodic log collection, default is y
|
||||
Logs.Collect=y
|
||||
|
||||
# How frequently to collect logs, default is each hour
|
||||
diff --git a/tests/data/test_waagent.conf b/tests/data/test_waagent.conf
|
||||
index a386228a..cc60886e 100644
|
||||
--- a/tests/data/test_waagent.conf
|
||||
+++ b/tests/data/test_waagent.conf
|
||||
@@ -67,7 +67,7 @@ ResourceDisk.MountOptions=None
|
||||
# Enable verbose logging (y|n)
|
||||
Logs.Verbose=n
|
||||
|
||||
-# Enable periodic log collection, default is n
|
||||
+# Enable periodic log collection, default is y
|
||||
Logs.Collect=y
|
||||
|
||||
# How frequently to collect logs, default is each hour
|
||||
--
|
||||
2.31.1
|
||||
|
||||
@ -1,60 +0,0 @@
|
||||
From 846d9f18e2ee331e35a7243f73de3bb3c18875df Mon Sep 17 00:00:00 2001
|
||||
From: Yuxin Sun <yuxisun@redhat.com>
|
||||
Date: Fri, 27 Jun 2025 01:34:20 +0800
|
||||
Subject: [PATCH] Use systemctl instead of service to manager services in new
|
||||
RHEL versions (#3403)
|
||||
|
||||
RH-Author: yuxisun <None>
|
||||
RH-MergeRequest: 19: Use systemctl instead of service to manager services in new RHEL versions (#3403)
|
||||
RH-Jira: RHEL-97572
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [1/1] bc7fe085ed52750264773c1922e8268ace741a8e (yuxisun/WALinuxAgent-src)
|
||||
|
||||
In the RHEL bootc base image there's no initscripts-service package installed, so that there's no "service" command by default. This causes many service control commands cannot be executed inside WALA.
|
||||
From RHEL-7 on, the systemctl command replaces service and chkconfig. So we'd like to drop all the 'service' command and use systemctl instead.
|
||||
|
||||
RH-JIRA: RHEL-97572
|
||||
Upstream PR: https://github.com/Azure/WALinuxAgent/pull/3403
|
||||
|
||||
(cherry picked from commit a6cfdfdc3e04884a08cd6dd20fa035b687943fe9)
|
||||
Signed-off-by: Yuxin Sun <yuxisun@redhat.com>
|
||||
---
|
||||
azurelinuxagent/common/osutil/redhat.py | 14 +++++++++++++-
|
||||
1 file changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py
|
||||
index b85b2d42..cf2d2f78 100644
|
||||
--- a/azurelinuxagent/common/osutil/redhat.py
|
||||
+++ b/azurelinuxagent/common/osutil/redhat.py
|
||||
@@ -245,6 +245,18 @@ class RedhatOSModernUtil(RedhatOSUtil):
|
||||
def __init__(self): # pylint: disable=W0235
|
||||
super(RedhatOSModernUtil, self).__init__()
|
||||
|
||||
+ def restart_ssh_service(self):
|
||||
+ return shellutil.run("systemctl condrestart sshd", chk_err=False)
|
||||
+
|
||||
+ def stop_agent_service(self):
|
||||
+ return shellutil.run("systemctl stop {0}".format(self.service_name), chk_err=False)
|
||||
+
|
||||
+ def start_agent_service(self):
|
||||
+ return shellutil.run("systemctl start {0}".format(self.service_name), chk_err=False)
|
||||
+
|
||||
+ def restart_network_manager(self):
|
||||
+ shellutil.run("systemctl restart NetworkManager")
|
||||
+
|
||||
def restart_if(self, ifname, retries=3, wait=5):
|
||||
"""
|
||||
Restart an interface by bouncing the link. systemd-networkd observes
|
||||
@@ -270,7 +282,7 @@ class RedhatOSModernUtil(RedhatOSUtil):
|
||||
# RedhatOSUtil was updated to conditionally run NetworkManager restart in response to a race condition between
|
||||
# NetworkManager restart and the agent restarting the network interface during publish_hostname. Keeping the
|
||||
# NetworkManager restart in RedhatOSModernUtil because the issue was not reproduced on these versions.
|
||||
- shellutil.run("service NetworkManager restart")
|
||||
+ self.restart_network_manager()
|
||||
DefaultOSUtil.publish_hostname(self, hostname)
|
||||
|
||||
def set_dhcp_hostname(self, hostname):
|
||||
--
|
||||
2.50.1
|
||||
|
||||
@ -1,202 +0,0 @@
|
||||
From 756fe22f41c0607394a9b9ba20c15677b3389a21 Mon Sep 17 00:00:00 2001
|
||||
From: Li Tian <94442129+litian1992@users.noreply.github.com>
|
||||
Date: Tue, 5 Aug 2025 03:18:10 +0800
|
||||
Subject: [PATCH] docs: add waagent manpage (#3401)
|
||||
|
||||
RH-Author: Li Tian <None>
|
||||
RH-MergeRequest: 22: redhat: docs: add waagent manpage (RHEL-9) (#3401)
|
||||
RH-Jira: RHEL-109496
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [1/1] a6c0303463f4cd9362d7276119cc81ebe74490ac (litian1/WALinuxAgent)
|
||||
|
||||
* docs: add waagent manpage
|
||||
|
||||
Add also man page handler in setup.py
|
||||
|
||||
---------
|
||||
|
||||
Signed-off-by: Li Tian <litian@redhat.com>
|
||||
Co-authored-by: maddieford <93676569+maddieford@users.noreply.github.com>
|
||||
(cherry picked from commit 7f9b5568b6572745b7d0776de0ff6fb70a28dba0)
|
||||
Signed-off-by: Li Tian <litian@redhat.com>
|
||||
---
|
||||
.distro/WALinuxAgent.spec | 1 +
|
||||
doc/man/waagent.1 | 117 ++++++++++++++++++++++++++++++++++++++
|
||||
setup.py | 14 +++++
|
||||
3 files changed, 132 insertions(+)
|
||||
create mode 100644 doc/man/waagent.1
|
||||
|
||||
diff --git a/doc/man/waagent.1 b/doc/man/waagent.1
|
||||
new file mode 100644
|
||||
index 00000000..b1d8e9eb
|
||||
--- /dev/null
|
||||
+++ b/doc/man/waagent.1
|
||||
@@ -0,0 +1,117 @@
|
||||
+.TH WAAGENT 1 "June 2025" "Azure Linux Agent" "System Administration"
|
||||
+.SH NAME
|
||||
+waagent \- Azure Linux VM Agent
|
||||
+.SH SYNOPSIS
|
||||
+.B waagent
|
||||
+[-verbose] [-force] [-help] [\fISUBCOMMAND\fR]...
|
||||
+
|
||||
+.SH DESCRIPTION
|
||||
+The Azure Linux Agent (waagent) manages virtual machine interaction with the Azure fabric controller.
|
||||
+
|
||||
+Most subcommands are not meant to be run directly by the user. However, some subcommands may be useful for debugging (such as collect-logs, version, and show-configuration) and deprovisioning.
|
||||
+
|
||||
+.SH SUBCOMMANDS
|
||||
+.TP
|
||||
+\fB-collect-logs\fR
|
||||
+Runs the log collector utility that collects relevant agent logs for debugging and stores them in the agent folder on disk. Exact location will be shown when run. Use flag \fB-full\fR for more exhaustive log collection.
|
||||
+
|
||||
+.TP
|
||||
+\fB-configuration-path FILE\fR
|
||||
+Used together with \fB-start\fR or \fB-daemon\fR to specify configuration file. Default to /etc/waagent.conf.
|
||||
+
|
||||
+.TP
|
||||
+\fB-daemon -start\fR
|
||||
+Run waagent as a daemon in background.
|
||||
+
|
||||
+.TP
|
||||
+\fB-deprovision\fR
|
||||
+Attempt to clean the system and make it suitable for re-provisioning. WARNING: Deprovision does not guarantee that the image is cleared of all sensitive information and suitable for redistribution.
|
||||
+
|
||||
+.TP
|
||||
+\fB-deprovision+user\fR
|
||||
+Same as \fB-deprovision\fR, but also removes the last provisioned user account.
|
||||
+
|
||||
+.TP
|
||||
+\fB-register-service\fR
|
||||
+Register waagent as a service and enable it.
|
||||
+
|
||||
+.TP
|
||||
+\fB-run-exthandlers\fR
|
||||
+Run check for updates to waagent and extension handler. Note that outputs to /dev/console will be temporarily suspended.
|
||||
+
|
||||
+.TP
|
||||
+\fB-setup-firewall=IP\fR
|
||||
+Set up firewall rules for endpoint \fBIP\fR.
|
||||
+
|
||||
+.TP
|
||||
+\fB-show-configuration\fR
|
||||
+Print the current configuration, including values read from waagent.conf.
|
||||
+
|
||||
+.TP
|
||||
+\fB-help\fR
|
||||
+Display usage information.
|
||||
+
|
||||
+.TP
|
||||
+\fB-version\fR
|
||||
+Show the current version of the agent.
|
||||
+
|
||||
+.SH CONFIGURATION
|
||||
+The agent is configured via this file by default:
|
||||
+
|
||||
+.B /etc/waagent.conf
|
||||
+
|
||||
+This file contains key=value settings that control agent behavior, including provisioning, disk formatting, resource limits, and certificate handling.
|
||||
+
|
||||
+Example entries:
|
||||
+.RS
|
||||
+Provisioning.Enabled=y
|
||||
+ResourceDisk.Format=y
|
||||
+ResourceDisk.MountPoint=/mnt/resource
|
||||
+RSA.KeyLength=2048
|
||||
+Logs.Verbose=y
|
||||
+.RE
|
||||
+
|
||||
+.SH FILES AND DIRECTORIES
|
||||
+.TP
|
||||
+\fB/etc/waagent.conf\fR
|
||||
+Main configuration file.
|
||||
+
|
||||
+.TP
|
||||
+\fB/var/lib/waagent\fR
|
||||
+State files and provisioning artifacts.
|
||||
+
|
||||
+.TP
|
||||
+\fB/var/log/waagent.log\fR
|
||||
+Agent log file.
|
||||
+
|
||||
+.SH SERVICES
|
||||
+On systemd systems, the agent runs as:
|
||||
+.RS
|
||||
+.B systemctl start <waagent.service|walinuxagent.service>
|
||||
+.B systemctl enable <waagent.service|walinuxagent.service>
|
||||
+.RE
|
||||
+
|
||||
+.SH EXIT STATUS
|
||||
+Zero on success, non-zero on error.
|
||||
+
|
||||
+.SH EXAMPLES
|
||||
+.TP
|
||||
+Deprovision before capturing an image:
|
||||
+.RS
|
||||
+waagent -deprovision+user && rm -rf /var/lib/waagent && shutdown -h now
|
||||
+.RE
|
||||
+
|
||||
+.SH SEE ALSO
|
||||
+.BR systemctl (1),
|
||||
+.BR cloud-init (1)
|
||||
+
|
||||
+.SH HOMEPAGE
|
||||
+.B https://github.com/Azure/WALinuxAgent
|
||||
+
|
||||
+.B https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/agent-linux
|
||||
+
|
||||
+.SH COPYRIGHT
|
||||
+Copyright 2018 Microsoft Corporation
|
||||
+
|
||||
+.SH AUTHORS
|
||||
+Microsoft Azure Linux Team
|
||||
diff --git a/setup.py b/setup.py
|
||||
index cf6e90b5..9ed135fb 100755
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -17,7 +17,9 @@
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
+import gzip
|
||||
import os
|
||||
+import shutil
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
@@ -87,6 +89,16 @@ def set_udev_files(data_files, dest="/etc/udev/rules.d/", src=None):
|
||||
"config/99-azure-product-uuid.rules"]
|
||||
data_files.append((dest, src))
|
||||
|
||||
+def set_man_files(data_files, dest="/usr/share/man/man1", src=None):
|
||||
+ if src is None:
|
||||
+ src = ["doc/man/waagent.1"]
|
||||
+ src_gz = []
|
||||
+ for file in src:
|
||||
+ with open(file, 'rb') as f_in, gzip.open(file+".gz", 'wb') as f_out:
|
||||
+ shutil.copyfileobj(f_in, f_out)
|
||||
+ src_gz.append(file+".gz")
|
||||
+ data_files.append((dest, src_gz))
|
||||
+
|
||||
|
||||
def get_data_files(name, version, fullname): # pylint: disable=R0912
|
||||
"""
|
||||
@@ -107,6 +119,7 @@ def get_data_files(name, version, fullname): # pylint: disable=R0912
|
||||
set_conf_files(data_files)
|
||||
set_logrotate_files(data_files)
|
||||
set_udev_files(data_files)
|
||||
+ set_man_files(data_files)
|
||||
if version.startswith("8") or version.startswith("9"):
|
||||
# redhat 8+ uses systemd and python3
|
||||
set_systemd_files(data_files, dest=systemd_dir_path,
|
||||
@@ -255,6 +268,7 @@ def get_data_files(name, version, fullname): # pylint: disable=R0912
|
||||
set_logrotate_files(data_files)
|
||||
set_udev_files(data_files)
|
||||
set_systemd_files(data_files, dest=systemd_dir_path)
|
||||
+ set_man_files(data_files)
|
||||
else:
|
||||
# Use default setting
|
||||
set_bin_files(data_files, dest=agent_bin_path)
|
||||
--
|
||||
2.50.1
|
||||
|
||||
@ -1,59 +0,0 @@
|
||||
From c8df88fd1fedb25727fff64ecc5dde1a59d7a976 Mon Sep 17 00:00:00 2001
|
||||
From: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
Date: Mon, 6 Jan 2025 17:13:11 +0100
|
||||
Subject: redhat: Add a udev rule to avoid managing slave NICs with
|
||||
NetworkManager
|
||||
|
||||
RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-MergeRequest: 16: redhat: Add a udev rule to avoid managing slave NICs with NetworkManager
|
||||
RH-Jira: RHEL-5880
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [1/1] 8d0a87117c847aafec5fa97d3e4e74ade531c033 (vkuznets/WALinuxAgentCentOS)
|
||||
|
||||
This is borrowed from https://github.com/Azure/azure-vm-utils/pull/41 and
|
||||
the long term plan is to get azure-vm-utils packaged for RHEL
|
||||
eventually. For the time being, just put the required udev rule into
|
||||
WALinuxAgent package.
|
||||
|
||||
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
Patch-name: wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch
|
||||
Patch-id:
|
||||
Patch-present-in-specfile: True
|
||||
---
|
||||
.distro/WALinuxAgent.spec | 1 +
|
||||
config/10-azure-unmanaged-sriov.rules | 6 ++++++
|
||||
setup.py | 3 ++-
|
||||
3 files changed, 9 insertions(+), 1 deletion(-)
|
||||
create mode 100644 config/10-azure-unmanaged-sriov.rules
|
||||
|
||||
diff --git a/config/10-azure-unmanaged-sriov.rules b/config/10-azure-unmanaged-sriov.rules
|
||||
new file mode 100644
|
||||
index 00000000..7eefcb26
|
||||
--- /dev/null
|
||||
+++ b/config/10-azure-unmanaged-sriov.rules
|
||||
@@ -0,0 +1,6 @@
|
||||
+# Azure VMs with accelerated networking may have MANA, mlx4, or mlx5 SR-IOV devices which are transparently bonded to a synthetic
|
||||
+# hv_netvsc device. Mark devices with the IFF_SLAVE bit set as unmanaged devices:
|
||||
+# AZURE_UNMANAGED_SRIOV=1 for 10-azure-unmanaged-sriov.network
|
||||
+# ID_NET_MANAGED_BY=unmanaged for systemd-networkd >= 255
|
||||
+# NM_UNMANAGED=1 for NetworkManager
|
||||
+SUBSYSTEM=="net", ACTION!="remove", DRIVERS=="mana|mlx4_core|mlx5_core", ATTR{flags}=="0x?[89ABCDEF]??", ENV{AZURE_UNMANAGED_SRIOV}="1", ENV{ID_NET_MANAGED_BY}="unmanaged", ENV{NM_UNMANAGED}="1"
|
||||
diff --git a/setup.py b/setup.py
|
||||
index e83f5989..cf6e90b5 100755
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -82,7 +82,8 @@ def set_openbsd_rc_files(data_files, dest="/etc/rc.d/", src=None):
|
||||
|
||||
def set_udev_files(data_files, dest="/etc/udev/rules.d/", src=None):
|
||||
if src is None:
|
||||
- src = ["config/66-azure-storage.rules",
|
||||
+ src = ["config/10-azure-unmanaged-sriov.rules",
|
||||
+ "config/66-azure-storage.rules",
|
||||
"config/99-azure-product-uuid.rules"]
|
||||
data_files.append((dest, src))
|
||||
|
||||
--
|
||||
2.39.3
|
||||
|
||||
@ -0,0 +1,57 @@
|
||||
From 6d452b28383c59a8193595daaca13fa8db9338a1 Mon Sep 17 00:00:00 2001
|
||||
From: Mohammed Gamal <mgamal@redhat.com>
|
||||
Date: Wed, 22 Jun 2022 13:36:07 +0200
|
||||
Subject: [PATCH] redhat: Fix command sequence for restarting net interface
|
||||
|
||||
RH-Author: Mohamed Gamal Morsy <mmorsy@redhat.com>
|
||||
RH-MergeRequest: 2: redhat: Fix command sequence for restarting net interface
|
||||
RH-Commit: [1/1] e838ff196b8823f64e08247b3a4dac9d60e5ed72
|
||||
RH-Bugzilla: 2098233
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2098233
|
||||
|
||||
Apparently the down and up commands need to be run in the same command, so
|
||||
connect them together with "&&" operator. Also re-implement restart_if ot handle
|
||||
warnings same wat as other distros
|
||||
|
||||
Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
|
||||
---
|
||||
azurelinuxagent/common/osutil/redhat.py | 22 ++++++++++------------
|
||||
1 file changed, 10 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py
|
||||
index a02647cd..5c397ae8 100644
|
||||
--- a/azurelinuxagent/common/osutil/redhat.py
|
||||
+++ b/azurelinuxagent/common/osutil/redhat.py
|
||||
@@ -147,16 +147,14 @@ class RedhatOSUtil(Redhat6xOSUtil):
|
||||
"""
|
||||
Restart an interface by bouncing the link.
|
||||
"""
|
||||
- retry_limit=retries+1
|
||||
+ retry_limit = retries + 1
|
||||
for attempt in range(1, retry_limit):
|
||||
- try:
|
||||
- shellutil.run_command(["ip", "link", "set", ifname, "down"])
|
||||
- shellutil.run_command(["ip", "link", "set", ifname, "up"])
|
||||
-
|
||||
- except shellutil.CommandError as cmd_err:
|
||||
- logger.warn("failed to restart {0}: return code {1}".format(ifname, cmd_err.returncode))
|
||||
- if attempt < retry_limit:
|
||||
- logger.info("retrying in {0} seconds".format(wait))
|
||||
- time.sleep(wait)
|
||||
- else:
|
||||
- logger.warn("exceeded restart retries")
|
||||
+ return_code = shellutil.run("ip link set {0} down && ip link set {0} up".format(ifname), expected_errors=[1] if attempt < retries else [])
|
||||
+ if return_code == 0:
|
||||
+ return
|
||||
+ logger.warn("failed to restart {0}: return code {1}".format(ifname, return_code))
|
||||
+ if attempt < retry_limit:
|
||||
+ logger.info("retrying in {0} seconds".format(wait))
|
||||
+ time.sleep(wait)
|
||||
+ else:
|
||||
+ logger.warn("exceeded restart retries")
|
||||
--
|
||||
2.31.1
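Review bot: The new `shellutil.run(...)` call in restart_if formats `ifname` directly into a shell string, `"ip link set {0} down && ip link set {0} up".format(ifname)`, whereas the removed lines passed it as an argv element to `run_command`, so the name is now parsed by the shell. Interface names presumably come from the system, but I would still quote the value before formatting it, for example `shlex.quote(ifname)` on Python 3, so that an unexpected name cannot change the command. Separately, `if attempt < retry_limit:` is always true inside `range(1, retry_limit)`, so the `exceeded restart retries` branch is unreachable and the final attempt still logs a retry and sleeps. Using `if attempt < retries:` would match the `expected_errors` condition a few lines above. The `def restart_if` line and its parameters are outside the hunk.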
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
From 8ac14e61d8067bd8b4e60c59b35b4a4227f8a242 Mon Sep 17 00:00:00 2001
|
||||
From b85814d5683c7f8a1e1b5f3570bcce0a8f76137b Mon Sep 17 00:00:00 2001
|
||||
From: Mohammed Gamal <mgamal@redhat.com>
|
||||
Date: Fri, 29 Jul 2022 13:07:13 +0200
|
||||
Subject: redhat: Use NetworkManager to set DHCP hostnames on recent RHEL
|
||||
distros
|
||||
Subject: [PATCH 1/2] redhat: Use NetworkManager to set DHCP hostnames on
|
||||
recent RHEL distros
|
||||
|
||||
RH-Author: Mohamed Gamal Morsy <mmorsy@redhat.com>
|
||||
RH-MergeRequest: 3: redhat: Use NetworkManager to set DHCP hostnames on recent RHEL distros
|
||||
@ -20,22 +20,18 @@ stored in /etc/sysconfig/ifcfg-{interface}.
|
||||
Fix this for setting DHCP hostnames in those RHEL versions.
|
||||
|
||||
Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
|
||||
|
||||
Patch-name: wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
|
||||
Patch-id:
|
||||
Patch-present-in-specfile: True
|
||||
---
|
||||
azurelinuxagent/common/osutil/redhat.py | 12 ++++++++++++
|
||||
1 file changed, 12 insertions(+)
|
||||
|
||||
diff --git a/azurelinuxagent/common/osutil/redhat.py b/azurelinuxagent/common/osutil/redhat.py
|
||||
index a9a10347..b85b2d42 100644
|
||||
index 5c397ae8..7dd36add 100644
|
||||
--- a/azurelinuxagent/common/osutil/redhat.py
|
||||
+++ b/azurelinuxagent/common/osutil/redhat.py
|
||||
@@ -272,3 +272,15 @@ class RedhatOSModernUtil(RedhatOSUtil):
|
||||
# NetworkManager restart in RedhatOSModernUtil because the issue was not reproduced on these versions.
|
||||
shellutil.run("service NetworkManager restart")
|
||||
DefaultOSUtil.publish_hostname(self, hostname)
|
||||
@@ -158,3 +158,15 @@ class RedhatOSUtil(Redhat6xOSUtil):
|
||||
time.sleep(wait)
|
||||
else:
|
||||
logger.warn("exceeded restart retries")
|
||||
+
|
||||
+ def set_dhcp_hostname(self, hostname):
|
||||
+ """
|
||||
@ -49,5 +45,5 @@ index a9a10347..b85b2d42 100644
|
||||
+ if return_code != 0:
|
||||
+ logger.error("failed to set DHCP hostname for interface {0}: return code {1}".format(ifname, return_code))
|
||||
--
|
||||
2.39.3
|
||||
2.31.1
|
||||
|
||||
|
||||
@ -2,52 +2,50 @@
|
||||
%global dracut_modname_udev 97walinuxagent
|
||||
%global dracut_modname_cvm 97walinuxagentcvm
|
||||
|
||||
Name: WALinuxAgent
|
||||
Version: 2.13.1.1
|
||||
Release: 3.0.1%{?dist}.2
|
||||
Summary: The Microsoft Azure Linux Agent
|
||||
Name: WALinuxAgent
|
||||
Version: 2.7.0.6
|
||||
Release: 9%{?dist}.alma
|
||||
Summary: The Microsoft Azure Linux Agent
|
||||
|
||||
License: ASL 2.0
|
||||
URL: https://github.com/Azure/%{name}
|
||||
Source0: https://github.com/Azure/%{name}/archive/v%{version}.tar.gz
|
||||
Source1: module-setup-udev.sh
|
||||
Source2: module-setup-cvm.sh
|
||||
Source3: 90-tpm2-import.rules
|
||||
Source4: tpm2-luks-import.sh
|
||||
License: ASL 2.0
|
||||
URL: https://github.com/Azure/%{name}
|
||||
Source0: https://github.com/Azure/%{name}/archive/v%{version}.tar.gz
|
||||
Source1: module-setup-udev.sh
|
||||
Source2: module-setup-cvm.sh
|
||||
Source3: 90-tpm2-import.rules
|
||||
Source4: tpm2-luks-import.sh
|
||||
|
||||
# Python3.9 fixes
|
||||
Patch0001: 0001-Initial-redhat-build-configuation.patch
|
||||
Patch0002: 0002-Implement-restart_if-for-RedHat-OS.patch
|
||||
# For bz#2098233 - [Azure][WALA][RHEL-9] [9.1] walinuxagent kills network during boot
|
||||
Patch3: wla-redhat-Fix-command-sequence-for-restarting-net-inter.patch
|
||||
# For bz#2114830 - [Azure][WALA][RHEL-9.1] Provisioning failed if no ifcfg-eth0
|
||||
Patch0001: wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
|
||||
# For RHEL-7273 - [Azure][WALA] Consider to disable Log collector
|
||||
Patch0002: wla-Disable-automatic-log-collector.patch
|
||||
# For RHEL-5880 - [Azure][RHEL-9]68-azure-sriov-nm-unmanaged.rules cannot stop NetworkManager-wait-online.service checking SRIOV interface
|
||||
Patch0003: wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch
|
||||
# For RHEL-109496 - [Azure][WALA][RHEL-9] Missing man page
|
||||
Patch4: wla-docs-add-waagent-manpage-3401.patch
|
||||
# For RHEL-97572 - [Azure][RHEL-9][WALA][Image mode] Cannot find 'service' command
|
||||
Patch5: wla-Use-systemctl-instead-of-service-to-manager-services.patch
|
||||
# For RHEL-124949 - Update walagent to 2.14 to support FIPS 140-3 on Azure [rhel-9.7.z]
|
||||
Patch6: wla-Support-for-FIPS-140-3-3324.patch
|
||||
# For RHEL-134939 - Backport ConditionVirtualization=|microsoft for waagent in RHEL 9.x [rhel-9.7.z]
|
||||
Patch7: wla-Jira-https-issues.redhat.com-browse-RHEL-134939.patch
|
||||
Patch1000: 0100-add-oracle-support.patch
|
||||
Patch4: wla-redhat-Use-NetworkManager-to-set-DHCP-hostnames-on-r.patch
|
||||
# For bz#2093965 - [Azure][WALA][RHEL-9] The description of "Logs.Collect" is incorrect
|
||||
Patch5: wla-Update-Log-Collector-default-in-Comments-and-Readme-.patch
|
||||
|
||||
BuildArch: noarch
|
||||
# Source-git patches
|
||||
# AlmaLinux
|
||||
Patch1000: WALinuxAgent-2.3-almalinux_support.patch
|
||||
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
BuildRequires: python3-distro
|
||||
Requires: %name-udev = %version-%release
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
BuildRequires: python3-distro
|
||||
Requires: %name-udev = %version-%release
|
||||
%if 0%{?fedora}
|
||||
Requires: ntfsprogs
|
||||
Requires: ntfsprogs
|
||||
%endif
|
||||
Requires: openssh
|
||||
Requires: openssh-server
|
||||
Requires: openssl
|
||||
Requires: parted
|
||||
Requires: python3-pyasn1
|
||||
Requires: iptables
|
||||
Requires: openssh
|
||||
Requires: openssh-server
|
||||
Requires: openssl
|
||||
Requires: parted
|
||||
Requires: python3-pyasn1
|
||||
Requires: iptables
|
||||
|
||||
BuildRequires: systemd
|
||||
BuildRequires: systemd
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
@ -59,25 +57,25 @@ images that are built to run in the Microsoft Azure environment.
|
||||
|
||||
%if 0%{?with_legacy}
|
||||
%package legacy
|
||||
Summary: The Microsoft Azure Linux Agent (legacy)
|
||||
Requires: %name = %version-%release
|
||||
Requires: python2
|
||||
Requires: net-tools
|
||||
Summary: The Microsoft Azure Linux Agent (legacy)
|
||||
Requires: %name = %version-%release
|
||||
Requires: python2
|
||||
Requires: net-tools
|
||||
|
||||
%description legacy
|
||||
The Microsoft Azure Linux Agent supporting old version of extensions.
|
||||
%endif
|
||||
|
||||
%package udev
|
||||
Summary: Udev rules for Microsoft Azure
|
||||
Summary: Udev rules for Microsoft Azure
|
||||
|
||||
%description udev
|
||||
Udev rules specific to Microsoft Azure Virtual Machines.
|
||||
|
||||
%package cvm
|
||||
Summary: Microsoft Azure CVM specific tools
|
||||
Requires: tpm2-tools
|
||||
Requires: cryptsetup
|
||||
Summary: Microsoft Azure CVM specific tools
|
||||
Requires: tpm2-tools
|
||||
Requires: cryptsetup
|
||||
|
||||
%description cvm
|
||||
Scripts and udev rules specific to Microsoft Azure Confidential Virtual Machines.
|
||||
@ -86,6 +84,8 @@ Scripts and udev rules specific to Microsoft Azure Confidential Virtual Machines
|
||||
%setup -q
|
||||
%autopatch -p1
|
||||
|
||||
%patch1000 -p1
|
||||
|
||||
%build
|
||||
%py3_build
|
||||
|
||||
@ -133,7 +133,6 @@ rm -rf %{_unitdir}/waagent.service.d/
|
||||
|
||||
%files
|
||||
%doc LICENSE.txt NOTICE README.md
|
||||
%{_mandir}/man1/waagent.1.gz
|
||||
%ghost %{_localstatedir}/log/waagent.log
|
||||
%ghost %{_unitdir}/waagent-network-setup.service
|
||||
%dir %attr(0700, root, root) %{_sharedstatedir}/waagent
|
||||
@ -147,7 +146,6 @@ rm -rf %{_unitdir}/waagent.service.d/
|
||||
%{python3_sitelib}/*.egg-info
|
||||
|
||||
%files udev
|
||||
%{_udevrulesdir}/10-azure-unmanaged-sriov.rules
|
||||
%{_udevrulesdir}/66-azure-storage.rules
|
||||
%{_udevrulesdir}/99-azure-product-uuid.rules
|
||||
%dir %{_prefix}/lib/dracut/modules.d/%{dracut_modname_udev}
|
||||
@ -165,53 +163,8 @@ rm -rf %{_unitdir}/waagent.service.d/
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Feb 17 2026 Darren Archibald <darren.archibald@oracle.com> - 2.13.1.1-3.0.1.el9_7.2
|
||||
- Add oracle support to fix waagent.service build issue
|
||||
|
||||
* Tue Jan 06 2026 Jon Maloy <jmaloy@redhat.com> - 2.13.1.1-3.el9_7.2
|
||||
- wla-Jira-https-issues.redhat.com-browse-RHEL-134939.patch [RHEL-134939]
|
||||
- Resolves: RHEL-134939
|
||||
(Backport ConditionVirtualization=|microsoft for waagent in RHEL 9.x [rhel-9.7.z])
|
||||
|
||||
* Tue Dec 02 2025 Jon Maloy <jmaloy@redhat.com> - 2.13.1.1-3.el9_7.1
|
||||
- wla-Support-for-FIPS-140-3-3324.patch [RHEL-124949]
|
||||
- Resolves: RHEL-124949
|
||||
(Update walagent to 2.14 to support FIPS 140-3 on Azure [rhel-9.7.z])
|
||||
|
||||
* Thu Aug 21 2025 Jon Maloy <jmaloy@redhat.com> - 2.13.1.1-3
|
||||
- wla-Use-systemctl-instead-of-service-to-manager-services.patch [RHEL-97572]
|
||||
- Resolves: RHEL-97572
|
||||
([Azure][RHEL-9][WALA][Image mode] Cannot find 'service' command)
|
||||
|
||||
* Thu Aug 21 2025 Jon Maloy <jmaloy@redhat.com> - 2.13.1.1-2
|
||||
- wla-docs-add-waagent-manpage-3401.patch [RHEL-109496]
|
||||
- Resolves: RHEL-109496
|
||||
([Azure][WALA][RHEL-9] Missing man page)
|
||||
|
||||
* Thu May 22 2025 Vitaly Kuznetsov <vkuznets@redhat.com> - 2.13.1.1-1
|
||||
* Rebase to 2.13.1.1 [RHEL-91090]
|
||||
- Resolves: RHEL-91090
|
||||
(Rebase to v2.13.1.1 [rhel-9])
|
||||
|
||||
* Fri Apr 11 2025 Jon Maloy <jmaloy@redhat.com> - 2.7.0.6-13
|
||||
- wla-redhat-Include-10-azure-unmanaged-sriov.rules-into-i.patch [RHEL-40957]
|
||||
- Resolves: RHEL-40957
|
||||
([Azure][ARM][RHEL-9] Kdump cannot save vmcore via ssh or nfs)
|
||||
|
||||
* Wed Apr 02 2025 Jon Maloy <jmaloy@redhat.com> - 2.7.0.6-12
|
||||
- wla-redhat-Include-10-azure-unmanaged-sriov.rules-into-i.patch [RHEL-40957]
|
||||
- Resolves: RHEL-40957
|
||||
([Azure][ARM][RHEL-9] Kdump cannot save vmcore via ssh or nfs)
|
||||
|
||||
* Fri Jan 17 2025 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-11
|
||||
- wla-redhat-Add-a-udev-rule-to-avoid-managing-slave-NICs-.patch [RHEL-5880]
|
||||
- Resolves: RHEL-5880
|
||||
([Azure][RHEL-9]68-azure-sriov-nm-unmanaged.rules cannot stop NetworkManager-wait-online.service checking SRIOV interface)
|
||||
|
||||
* Thu May 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-10
|
||||
- wla-Disable-automatic-log-collector.patch [RHEL-7273]
|
||||
- Resolves: RHEL-7273
|
||||
([Azure][WALA] Consider to disable Log collector)
|
||||
* Wed Mar 29 2023 Eduard Abdullin <eabdullin@almalinux.org> - 2.7.0.6-9.alma
|
||||
- Add AlmaLinux support
|
||||
|
||||
* Wed Feb 08 2023 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-9
|
||||
- wla-redhat-Adjust-tpm2_createprimary-key-attributes-to-m.patch [bz#2167322]
|
||||
@ -237,7 +190,6 @@ rm -rf %{_unitdir}/waagent.service.d/
|
||||
- wla-redhat-Mark-directories-properly-in-the-files-list.patch [bz#2114768]
|
||||
- Resolves: bz#2114768
|
||||
([Azure][WALA][RHEL-9] When remove package some files left)
|
||||
|
||||
* Wed Aug 17 2022 Miroslav Rezanina <mrezanin@redhat.com> - 2.7.0.6-4
|
||||
- wla-redhat-Remove-all-waagent-unit-files-when-uninstalli.patch [bz#2114768]
|
||||
- Resolves: bz#2114768
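Review bot: In `%prep`, `%patch1000 -p1` follows `%autopatch -p1`, and the hunk counts (6 old lines, 8 new) indicate that the explicit `%patch1000` line is what this side adds. Unless `%autopatch` is bounded, it already applies every `Patch` tag, including `Patch1000`, so the AlmaLinux patch would be applied a second time and that step should fail. Either drop the explicit line or limit the automatic pass, e.g. `%autopatch -p1 -M 999` ahead of `%patch1000 -p1`.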
|
||||
|
||||